Sun Microsystems, Inc.
System Administration Commands                                dnskeygen(1M)


NAME

 dnskeygen - generate public, private, and shared secret keys for DNS

SYNOPSIS

 dnskeygen [ [-DHR] size] [-F] [-zhu] [-a] [-c] [-p num] [-s num] -n name

DESCRIPTION

 

The dnskeygen utility generates and maintains keys for DNS security within the Domain Name System (DNS). Use dnskeygen to generate public and private keys to authenticate zone data, or shared secret keys for request and transaction signatures.

dnskeygen stores each key in two files:

 
K<name>+<algorithm>+<footprint>.private

and

 
K<name>+<algorithm>+<footprint>.key

The private key is stored in a portable format within K<name>+<algorithm>+<footprint>.private. The public key is stored in K<name>+<algorithm>+<footprint>.key in the DNS zone file format:

 
<name> IN KEY <flags> <algorithm> <protocol> <exponent|modulus>

The underlying cryptographic math is done by the DNSSAFE and Foundation Toolkit libraries.
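
An added example (not part of the original manual page or of BIND): a shell function that audits a directory of dnskeygen output, parsing the K<name>+<algorithm>+<footprint> file names described above and flagging key material readable by group or other. The algorithm numbers (1 RSA, 3 DSA, 157 HMAC-MD5), their zero-padding, and the treatment of an HMAC .key file as secret are assumptions; audit_dnskeys and owner_only are hypothetical names.

```shell
#!/bin/sh
# Added example: audit a directory of dnskeygen output files.
# Assumptions (not from the man page): algorithm numbers 1=RSA, 3=DSA,
# 157=HMAC-MD5, possibly zero-padded in the file name; for a shared
# secret the .key file is treated as sensitive as the .private file.

# True when the group/other permission bits of file $1 are all clear.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one finding per line for directory $1.
# Returns 0 when there are no findings, 1 otherwise.
audit_dnskeys() {
    dir=$1
    rc=0
    for priv in "$dir"/K*.private; do
        [ -e "$priv" ] || continue          # glob matched nothing
        base=${priv%.private}
        stem=${base##*/}                    # K<name>+<algorithm>+<footprint>
        case $stem in
            K?*+?*+?*) ;;
            *) echo "MALFORMED $stem"; rc=1; continue ;;
        esac
        footprint=${stem##*+}
        rest=${stem%+*}
        alg=${rest##*+}
        name=${rest%+*}; name=${name#K}
        case $alg in
            1|01|001) algname=RSA ;;
            3|03|003) algname=DSA ;;
            157)      algname=HMAC-MD5 ;;
            *) echo "UNKNOWN-ALG $stem"; rc=1; continue ;;
        esac
        case $footprint in
            *[!0-9]*) echo "MALFORMED $stem"; rc=1; continue ;;
        esac
        [ -e "$base.key" ] || { echo "MISSING-KEY $name $algname $footprint"; rc=1; }
        owner_only "$priv" || { echo "EXPOSED-PRIVATE $name $algname $footprint"; rc=1; }
        if [ "$algname" = HMAC-MD5 ] && [ -e "$base.key" ]; then
            owner_only "$base.key" || { echo "EXPOSED-SECRET $name $algname $footprint"; rc=1; }
        fi
    done
    return $rc
}
```

Call it as `audit_dnskeys /path/to/keydir`; a non-zero exit status means at least one finding was printed.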

OPTIONS

 

The dnskeygen utility supports the following options:

-D
    Generate a DSA/DSS key. The value of size must be one of the following: 512, 576, 640, 704, 768, 832, 896, 960 or 1024.
-F
    Use a large exponent for key generation. Use for RSA only.
-H
    Generate a HMAC-MD5 key. The value of size must be between 128 and 504.
-R
    Generate an RSA key. The value of size must be between 512 and 4096.
-a
    Cannot use key for authentication.
-c
    Cannot use key for encryption.
-h
    Generate host or service key.
-n name
    Set the key's name to name.
-p num
    Set the key's protocol field to num. The values for num are as follows:
    3
        If -z or -h is specified (DNSSEC), this is the default value.
    2
        Unless specified, the default value for all other options.
    1
        Use this value for TLS.
    4
        Use this value for IPSEC.
    255
        Use this value for ANY.
-s num
    Set the key's strength field to num. The default value of num is 0.
-u
    Generate User key, for example, for email.
-z
    Generate Zone key for DNS validation.

ATTRIBUTES

 

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE         ATTRIBUTE VALUE
Availability           SUNWcsu
Interface Stability    Standard Bind 8.2.4

SEE ALSO

 

attributes(5)

Eastlake III, D. and Kaufman, C. RFC 2065, Domain Name System Security Extensions. Network Working Group. January 1997.

Vixie, P., Gudmundsson, O., Eastlake III, D., and Wellington, B. RFC 2845, Secret Key Transaction Authentication for DNS (TSIG). Network Working Group. May 2000.


SunOS 5.9                                        Last Changed 10 Sep 2001

 
      
      
Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.