DNSKEYGEN(1) BSD General Commands Manual DNSKEYGEN(1)
dnskeygen - generate public, private, and shared secret keys for DNS
dnskeygen [-[DHR] size] [-F] [-zhu] [-a] [-c] [-p num] [-s num] -n name
Dnskeygen (DNS Key Generator) is a tool to generate and maintain keys for
DNS Security within the DNS (Domain Name System). Dnskeygen can generate
public and private keys to authenticate zone data, and shared secret keys
to be used for Request/Transaction signatures.
-D Dnskeygen will generate a DSA/DSS key. size must be one of
[512, 576, 640, 704, 768, 832, 896, 960, 1024].
-H Dnskeygen will generate an HMAC-MD5 key. size must be
between 128 and 504.
-R Dnskeygen will generate an RSA key. size must be between
512 and 4096.
-F (RSA only) Use a large exponent for key generation.
-z -h -u These flags define the type of key being generated: Zone (DNS
validation) key, Host (host or service) key or User (e.g.
email) key, respectively. Each key is only allowed to be one
-a Indicates that the key CANNOT be used for authentication.
-c Indicates that the key CANNOT be used for encryption.
-p num Sets the key's protocol field to num; the default is 3
(DNSSEC) if -z or -h is specified and 2 (EMAIL) otherwise.
Other accepted values are 1 (TLS), 4 (IPSEC), and 255
-s num Sets the key's strength field to num; the default is 0.
-n name Sets the key's name to name.
Dnskeygen stores each key in two files: K++.private
and K++.key. The file
K++.private contains the private key in a portable
format. The file K++.key contains the public key
in the DNS zone file format:
No environmental variables are used.
RFC 2065 on secure DNS and the TSIG Internet Draft.
Olafur Gudmundsson (firstname.lastname@example.org).
The underlying cryptographic math is done by the DNSSAFE and/or
Foundation Toolkit libraries.
None are known at this time.
4th Berkeley Distribution December 2, 1998 4th Berkeley Distribution