DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH
 

dnskeygen(ADMN)


dnskeygen -- generate public, private, and shared secret keys for DNS

Syntax

   dnskeygen [-[DHR] size] [-F] -[zhu] [-a] [-c] [-p num] [-s num] -n name
   

Description

   Dnskeygen (DNS Key Generator) is a tool to generate and maintain keys for
   DNS Security within the DNS (Domain Name System).  Dnskeygen can generate
   public and private keys to authenticate zone data, and shared secret keys
   to be used for Request/Transaction signatures.
   

-D Dnskeygen will generate a DSA/DSS key. ``size'' must be one of [512, 576, 640, 704, 768, 832, 896, 960, 1024].

-H Dnskeygen will generate an HMAC-MD5 key. ``size'' must be between 128 and 504.

-R Dnskeygen will generate an RSA key. ``size'' must be between 512 and 4096.

-F (RSA only) Use a large exponent for key generation.

-z -h -u These flags define the type of key being generated: Zone (DNS validation) key, Host (host or service) key or User (e.g. email) key, respectively. Each key is only allowed to be one of these.

-a Indicates that the key CANNOT be used for authentication.

-c Indicates that the key CANNOT be used for encryption.

-p num Sets the key's protocol field to num ; the default is 3 (DNSSEC) if ``-z'' or ``-h'' is specified and 2 (EMAIL) oth- erwise. Other accepted values are 1 (TLS), 4 (IPSEC), and 255 (ANY).

-s num Sets the key's strength field to num; the default is 0.

-n name Sets the key's name to name.

Details

   Dnskeygen stores each key in two files: K<name>+<alg>+<footprint>.private
   and K<name>+<alg>+<footprint>.key The file
   K<name>+<alg>+<footprint>.private contains the private key in a portable
   format.  The file K<name>+<alg>+<footprint>.key contains the public key
   in the DNS zone file format:
   

<name> IN KEY <flags> <algorithm> <protocol> <exponent|modulus>

Environment

   No environmental variables are used.
   

See also

   RFC 2065 on secure DNS and the TSIG Internet Draft.
   

Author

   Olafur Gudmundsson (ogud@tis.com).
   

Acknowledgements

   The underlying cryptographic math is done by the DNSSAFE and/or Founda-
   tion Toolkit libraries.
   

Bugs

   None are known at this time
   

History

"4th Berkeley Distribution December 2, 1998"
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003