$NetBSD: dnssec-revoke.8,v 1.6 2014/12/10 04:37:51 christos Exp $

 Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
 
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
 copyright notice and this permission notice appear in all copies.
 
 THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.

 Id

 Title: dnssec-revoke
 Author: 
 Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
 Date: January 15, 2014
 Manual: BIND9
 Source: BIND9

 "DNSSEC-REVOKE" "8" "January 15, 2014" "BIND9" "BIND9"
 disable hyphenation
 disable justification (adjust text to left margin only)
 "NAME"
dnssec-revoke - Set the REVOKED bit on a DNSSEC key

 "SYNOPSIS"
 14
dnssec-revoke [-hr] [-v level] [-V] [-K directory] [-E engine] [-f] [-R] {keyfile}

 "DESCRIPTION"

dnssec-revoke
reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now-revoked key.

 "OPTIONS"

-h


Emit usage message and exit.




-K directory


Sets the directory in which the key files are to reside.




-r


After writing the new keyset files remove the original keyset files.




-v level


Sets the debugging level.




-V


Prints version information.




-E engine


Specifies the cryptographic hardware to use, when applicable.
When BIND is built with OpenSSL PKCS#11 support, this defaults to the string "pkcs11", which identifies an OpenSSL engine that can drive a cryptographic accelerator or hardware service module. When BIND is built with native PKCS#11 cryptography (--enable-native-pkcs11), it defaults to the path of the PKCS#11 provider library specified via "--with-pkcs11".




-f


Force overwrite: Causes
dnssec-revoke
to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.




-R


Print the key tag of the key with the REVOKE bit set but do not revoke the key.



 "SEE ALSO"

dnssec-keygen(8),
BIND 9 Administrator Reference Manual,
RFC 5011.

 "AUTHOR"

Internet Systems Consortium

 "COPYRIGHT"
Copyright \(co 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")