DNSKEYGEN(1)

NAME

     dnskeygen -- generate public, private, and shared secret keys for DNS
     Security

SYNOPSIS

     dnskeygen [-[DHR] size] [-F] [-zhu] [-a] [-c] [-p num] [-s num] -n name

DESCRIPTION

     Dnskeygen (DNS Key Generator) is a tool to generate and maintain keys for
     DNS Security within the DNS (Domain Name System).  Dnskeygen can generate
     public and private keys to authenticate zone data, and shared secret keys
     to be used for Request/Transaction signatures.

     -D 	 Dnskeygen will generate a DSA/DSS key.  ``size'' must be one
		 of [512, 576, 640, 704, 768, 832, 896, 960, 1024].

     -H 	 Dnskeygen will generate an HMAC-MD5 key.  ``size'' must be
		 between 128 and 504.

     -R 	 Dnskeygen will generate an RSA key.  ``size'' must be between
		 512 and 4096.

     -F 	 (RSA only) Use a large exponent for key generation.

     -z -h -u	 These flags define the type of key being generated: Zone (DNS
		 validation) key, Host (host or service) key or User (e.g.
		 email) key, respectively.  Each key is only allowed to be one
		 of these.

     -a 	 Indicates that the key CANNOT be used for authentication.

     -c 	 Indicates that the key CANNOT be used for encryption.

     -p num	 Sets the key's protocol field to num; the default is 3
		 (DNSSEC) if ``-z'' or ``-h'' is specified and 2 (EMAIL)
		 otherwise.  Other accepted values are 1 (TLS), 4 (IPSEC), and
		 255 (ANY).

     -s num	 Sets the key's strength field to num; the default is 0.

     -n name	 Sets the key's name to name.

   DETAILS
     Dnskeygen stores each key in two files: K<name>+<alg>+<footprint>.private
     and K<name>+<alg>+<footprint>.key.  The file
     K<name>+<alg>+<footprint>.private contains the private key in a portable
     format.  The file K<name>+<alg>+<footprint>.key contains the public key
     in the DNS zone file format:

	   <name> IN KEY <flags> <algorithm> <protocol> <exponent|modulus>
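
     An added example, not part of the original man page or of BIND: a Python
     check that uses the file naming described above to find .private files
     accessible to group or others, and .private files whose .key counterpart
     is missing. The sample file names and modes are constructed, and the
     zero-padded algorithm and footprint numbers in them are an assumption.

```python
import os
import re
import stat
import tempfile

# Naming from DETAILS: K<name>+<alg>+<footprint>.private / .key
KEYFILE_RE = re.compile(
    r"^K(?P<name>.+)\+(?P<alg>\d+)\+(?P<footprint>\d+)\.(?P<kind>key|private)$")


def audit_key_dir(path):
    """Return sorted (filename, problem) findings for dnskeygen files in path."""
    findings = []
    pairs = {}  # (name, alg, footprint) -> {kind: filename}
    for entry in os.listdir(path):
        m = KEYFILE_RE.match(entry)
        if not m:
            continue  # not a dnskeygen key file
        ident = (m["name"], int(m["alg"]), int(m["footprint"]))
        pairs.setdefault(ident, {})[m["kind"]] = entry
        if m["kind"] == "private":
            mode = stat.S_IMODE(os.stat(os.path.join(path, entry)).st_mode)
            # The private half must be usable by its owner only.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(
                    (entry, "private key accessible to group/other (mode %04o)" % mode))
    for kinds in pairs.values():
        if "private" in kinds and "key" not in kinds:
            findings.append((kinds["private"], "no matching .key file"))
    return sorted(findings)


def make_constructed_sample():
    """Create a temp dir of empty stand-in files; all names are constructed."""
    d = tempfile.mkdtemp()
    for fname, mode in [
        ("Kexample.com.+001+12345.key", 0o644),
        ("Kexample.com.+001+12345.private", 0o644),       # too permissive
        ("Khost.example.com.+003+00042.private", 0o600),  # public half missing
        ("notes.txt", 0o644),                             # ignored
    ]:
        p = os.path.join(d, fname)
        open(p, "w").close()
        os.chmod(p, mode)
    return d


if __name__ == "__main__":
    for name, problem in audit_key_dir(make_constructed_sample()):
        print(name + ": " + problem)
```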

ENVIRONMENT

     No environmental variables are used.

SEE ALSO

     RFC 2065 on secure DNS and the TSIG Internet Draft.

AUTHOR

     Olafur Gudmundsson ([email protected]).

ACKNOWLEDGMENTS

     The underlying cryptographic math is done by the DNSSAFE and/or
     Foundation Toolkit libraries.

BUGS

     None are known at this time.

4th Berkeley Distribution      December 2, 1998      4th Berkeley Distribution