dnssec-keygen

Started by sukishan, Aug 14, 2009, 08:19 PM

sukishan

dnssec-keygen
dnssec-keygen [options] domain-name

System administration command. Generate encrypted Secure DNS (DNSSEC) or Transaction Signatures (TSIG) keys for domain-name. When the key is completed, dnssec-keygen prints the key identifier to standard output and creates public and private keyfiles whose names are based on the key identifier and the filename extensions .key and .private. It creates both files even when using an asymmetric algorithm, such as HMAC-MD5. For more information on Secure DNS, see DNS and BIND (O'Reilly), or read RFC 2535.

Options
-a algorithm
Specify the cryptographic algorithm to use. Accepted values are RSAMD5, RSA, DSA, DH, or HMAC-MD5. DSA or RSA should be used for Secure DNS, and HMAC-MD5 for TSIG.

-b bitsize
Specify the key bitsize. Accepted values depend on the encryption algorithm used, but, in general, a larger key size means stronger encryption. 128 bits is usually considered reasonably secure, and 512 quite good.

-c class
The domain record for which the key is being generated should contain class. When this option is not given, a class of IN is assumed.

-e
Use a large exponent when generating an RSA key.

-g generator
Specify the number to use as a generator when creating a DH (Diffie-Hellman) key. Accepted values are 2 and 5.

-h
Print a help message, then exit.

-n type
The owner of the key must be of the specified type. Accepted values are ZONE, HOST, ENTITY, or USER.

-p protocol
Specify the protocol value for the generated key. Accepted values are given in RFC 2535 and other DNS Security RFCs. By default, the value is either 2 (email) or 3 (DNSSEC).

-r device
Specify the device to use as a source of randomness when creating keys. This can be a device file, a file containing random data, or the string keyboard to specify keyboard input. By default, /dev/random will be used when available, and keyboard input will be used when it is not.

-s type
Specify whether the key can be used for authentication, confirmation, both, or neither. Accepted values for type are AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.
A good beginning makes a good ending
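
The post above says dnssec-keygen writes a .key and a .private file named after the key identifier. The script below is an added example, not part of the original post, that audits a directory of such files for a missing public half or a private half readable by group or others. It assumes BIND's identifier layout K<name>+<alg>+<keytag> (not stated in the post); parse_key_id and audit_key_dir are hypothetical names.

```shell
#!/bin/sh
# Added example: audit dnssec-keygen output files in a directory.
# Assumption: key identifiers look like K<name>+<alg>+<keytag>, where
# <name> ends in a dot, <alg> is 3 digits and <keytag> is 5 digits.

# Print "name alg keytag" for a key identifier, or return 1 if malformed.
parse_key_id() {
    id=$1
    case $id in
        K*.+[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    rest=${id#K}
    keytag=${rest##*+}      # text after the last '+'
    rest=${rest%+*}         # drop "+keytag"
    alg=${rest##*+}         # text after the remaining '+'
    name=${rest%+*}         # owner name, trailing dot kept
    echo "$name $alg $keytag"
}

# Print one finding per line for directory $1; return 1 if any were found.
audit_key_dir() {
    dir=$1
    bad=0
    for priv in "$dir"/K*.private; do
        [ -e "$priv" ] || continue
        id=$(basename "$priv" .private)
        if ! parse_key_id "$id" >/dev/null; then
            echo "BADNAME $id"; bad=1; continue
        fi
        # Every private file should have its public counterpart beside it.
        [ -f "$dir/$id.key" ] || { echo "NOPUBLIC $id"; bad=1; }
        # Any group or other permission bit on the private half is a finding.
        loose=$(find "$priv" \( -perm -040 -o -perm -020 -o -perm -010 \
                -o -perm -004 -o -perm -002 -o -perm -001 \))
        if [ -n "$loose" ]; then
            echo "LOOSEPERM $id"; bad=1
        fi
    done
    return $bad
}
```

Call audit_key_dir with the directory holding the generated key files; a non-zero return means at least one finding was printed.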
