.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} .el \{\ . de IX .. .\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . 
ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "GENKRF 1p" .TH GENKRF 1p "2012-06-21" "perl v5.14.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" genkrf \- Generate a keyrec file from Key Signing Key (KSK) and/or Zone Signing Key (ZSK) files .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& genkrf [options] zone\-file [signed\-zone\-file] .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBgenkrf\fR generates a \fIkeyrec\fR file from \s-1KSK\s0 and/or \s-1ZSK\s0 files. It generates new \s-1KSK\s0 and \s-1ZSK\s0 keys if needed. 
.PP The name of the \fIkeyrec\fR file to be generated is given by the \fB\-krfile\fR option. If this option is not specified, \fBzone\-name.krf\fR is used as the name of the \fIkeyrec\fR file. If the \fIkeyrec\fR file already exists, it will be overwritten with new \fIkeyrec\fR definitions. .PP The \fIzone-file\fR argument is required. It specifies the name of the zone file from which the signed zone file was created. The optional \fIsigned-zone-file\fR argument specifies the name of the signed zone file. If it is not given, then it defaults to \fBzone\-file.signed\fR. The signed zone file field is, in effect, a dummy field, because \fBgenkrf\fR does not actually sign the zone file. .SH "OPTIONS" .IX Header "OPTIONS" \&\fBgenkrf\fR has a number of options that assist in creation of the \fIkeyrec\fR file. Each option is set to the first value found in this search path: .PP .Vb 3 \& command line options \& DNSSEC\-Tools configuration file \& DNSSEC\-Tools defaults .Ve .PP See \fI\fItooloptions.pm\fI\|(3)\fR for more details. Exceptions to this are given in the option descriptions. .PP The \fBgenkrf\fR options are described below. .SS "General \fBgenkrf\fP Options" .IX Subsection "General genkrf Options" .IP "\fB\-zone zone-name\fR" 4 .IX Item "-zone zone-name" This option specifies the name of the zone. If it is not given then \&\fIzone-file\fR will be used as the name of the zone. .IP "\fB\-krfile keyrec-file\fR" 4 .IX Item "-krfile keyrec-file" This option specifies the name of the \fIkeyrec\fR file to be generated. If it is not given, then \fBzone\-name.krf\fR will be used. .IP "\fB\-algorithm algorithm\fR" 4 .IX Item "-algorithm algorithm" This option specifies the cryptographic algorithm used to generate the zone's signing keys. .IP "\fB\-endtime endtime\fR" 4 .IX Item "-endtime endtime" This option specifies the time that the signature on the zone expires, measured in seconds. 
.IP "\fB\-random random-device\fR" 4 .IX Item "-random random-device" This option specifies the source of randomness used to generate the zone's keys. The strength of the generated keys depends on the quality of this source. See the man page for \fBdnssec-signzone\fR for the valid format of this field. .IP "\fB\-verbose\fR" 4 .IX Item "-verbose" Display additional messages during processing. If this option is given at least once, then a message will be displayed indicating the successful generation of the \fIkeyrec\fR file. If it is given twice, then the values of all options will also be displayed. .IP "\fB\-Version\fR" 4 .IX Item "-Version" Display the version information for \fBgenkrf\fR and the DNSSEC-Tools package. .IP "\fB\-help\fR" 4 .IX Item "-help" Display a usage message. .SS "KSK-related Options" .IX Subsection "KSK-related Options" .IP "\fB\-kskcur KSK-name\fR" 4 .IX Item "-kskcur KSK-name" This option specifies the Current \s-1KSK\s0's key file being used to sign the zone. If this option is not given, a new \s-1KSK\s0 will be created. .IP "\fB\-kskcount KSK-count\fR" 4 .IX Item "-kskcount KSK-count" This option specifies the number of \s-1KSK\s0 keys that will be generated. If this option is not given, the default given in the DNSSEC-Tools configuration file will be used. .IP "\fB\-kskdir KSK-directory\fR" 4 .IX Item "-kskdir KSK-directory" This option specifies the absolute or relative path of the directory where the \s-1KSK\s0 resides. If this option is not given, it defaults to the current directory \*(L".\*(R". .IP "\fB\-ksklength KSK-length\fR" 4 .IX Item "-ksklength KSK-length" This option specifies the length of the \s-1KSK\s0. .IP "\fB\-ksklife KSK-lifespan\fR" 4 .IX Item "-ksklife KSK-lifespan" This option specifies the lifespan of the \s-1KSK\s0. This lifespan is \fBnot\fR inherent to the key itself. It is \fBonly\fR used to determine when the \s-1KSK\s0 must be rolled over. 
.SS "ZSK-related Options" .IX Subsection "ZSK-related Options" .IP "\fB\-zskcur ZSK-name\fR" 4 .IX Item "-zskcur ZSK-name" This option specifies the current \s-1ZSK\s0 being used to sign the zone. If this option is not given, a new \s-1ZSK\s0 will be created. .IP "\fB\-zskpub ZSK-name\fR" 4 .IX Item "-zskpub ZSK-name" This option specifies the published \s-1ZSK\s0 for the zone. If this option is not given, a new \s-1ZSK\s0 will be created. .IP "\fB\-zskcount ZSK-count\fR" 4 .IX Item "-zskcount ZSK-count" This option specifies the number of current and published \s-1ZSK\s0 keys that will be generated. If this option is not given, the default given in the DNSSEC-Tools configuration file will be used. .IP "\fB\-zskdir ZSK-directory\fR" 4 .IX Item "-zskdir ZSK-directory" This option specifies the absolute or relative path of the directory where the ZSKs reside. If this option is not given, it defaults to the current directory \*(L".\*(R". .IP "\fB\-zsklength ZSK-length\fR" 4 .IX Item "-zsklength ZSK-length" This option specifies the length of the \s-1ZSK\s0. .IP "\fB\-zsklife ZSK-lifespan\fR" 4 .IX Item "-zsklife ZSK-lifespan" This option specifies the lifespan of the \s-1ZSK\s0. This lifespan is \fBnot\fR inherent to the key itself. It is \fBonly\fR used to determine when the \s-1ZSK\s0 must be rolled over. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2005\-2012 \s-1SPARTA\s0, Inc. All rights reserved. See the \s-1COPYING\s0 file included with the DNSSEC-Tools package for details. .SH "AUTHOR" .IX Header "AUTHOR" Wayne Morrison, tewok@tislabs.com .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fB\f(BIdnssec\-keygen\fB\|(8)\fR, \&\fB\f(BIdnssec\-signzone\fB\|(8)\fR, \&\fB\f(BIzonesigner\fB\|(8)\fR .PP \&\fB\f(BINet::DNS::SEC::Tools::conf.pm\fB\|(3)\fR, \&\fB\f(BINet::DNS::SEC::Tools::defaults.pm\fB\|(3)\fR, \&\fB\f(BINet::DNS::SEC::Tools::keyrec.pm\fB\|(3)\fR .PP \&\fB\f(BIconf\fB\|(5)\fR, \&\fB\f(BIkeyrec\fB\|(5)\fR