1<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3               [<!ENTITY mdash "&#8212;">]>
4<!--
5 - Copyright (C) 2009, 2011, 2014  Internet Systems Consortium, Inc. ("ISC")
6 -
7 - Permission to use, copy, modify, and/or distribute this software for any
8 - purpose with or without fee is hereby granted, provided that the above
9 - copyright notice and this permission notice appear in all copies.
10 -
11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 - PERFORMANCE OF THIS SOFTWARE.
18-->
19
20<refentry id="man.dnssec-revoke">
21  <refentryinfo>
22    <date>January 15, 2014</date>
23  </refentryinfo>
24
25  <refmeta>
26    <refentrytitle><application>dnssec-revoke</application></refentrytitle>
27    <manvolnum>8</manvolnum>
28    <refmiscinfo>BIND9</refmiscinfo>
29  </refmeta>
30
31  <refnamediv>
32    <refname><application>dnssec-revoke</application></refname>
33    <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
34  </refnamediv>
35
36  <docinfo>
37    <copyright>
38      <year>2009</year>
39      <year>2011</year>
40      <year>2014</year>
41      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
42    </copyright>
43  </docinfo>
44
45  <refsynopsisdiv>
46    <cmdsynopsis>
47      <command>dnssec-revoke</command>
48      <arg><option>-hr</option></arg>
49      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
50      <arg><option>-V</option></arg>
51      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
52      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
53      <arg><option>-f</option></arg>
54      <arg><option>-R</option></arg>
55      <arg choice="req">keyfile</arg>
56    </cmdsynopsis>
57  </refsynopsisdiv>
58
59  <refsect1>
60    <title>DESCRIPTION</title>
61    <para><command>dnssec-revoke</command>
62      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
63      in RFC 5011, and creates a new pair of key files containing the
64      now-revoked key.
65    </para>
66  </refsect1>
67
68  <refsect1>
69    <title>OPTIONS</title>
70
71    <variablelist>
72      <varlistentry>
73	<term>-h</term>
74        <listitem>
75	  <para>
76	    Emit usage message and exit.
77	  </para>
78        </listitem>
79      </varlistentry>
80
81      <varlistentry>
82        <term>-K <replaceable class="parameter">directory</replaceable></term>
83        <listitem>
84          <para>
85            Sets the directory in which the key files are to reside.
86          </para>
87        </listitem>
88      </varlistentry>
89
90      <varlistentry>
91	<term>-r</term>
92        <listitem>
93	  <para>
94	    After writing the new keyset files remove the original keyset
95	    files.
96	  </para>
97        </listitem>
98      </varlistentry>
99
100      <varlistentry>
101        <term>-v <replaceable class="parameter">level</replaceable></term>
102        <listitem>
103          <para>
104            Sets the debugging level.
105          </para>
106        </listitem>
107      </varlistentry>
108
109      <varlistentry>
110	<term>-V</term>
111        <listitem>
112	  <para>
113	    Prints version information.
114	  </para>
115        </listitem>
116      </varlistentry>
117
118      <varlistentry>
119        <term>-E <replaceable class="parameter">engine</replaceable></term>
120        <listitem>
121          <para>
122            Specifies the cryptographic hardware to use, when applicable.
123          </para>
124          <para>
125            When BIND is built with OpenSSL PKCS#11 support, this defaults
126            to the string "pkcs11", which identifies an OpenSSL engine
127            that can drive a cryptographic accelerator or hardware service
128            module.  When BIND is built with native PKCS#11 cryptography
129            (--enable-native-pkcs11), it defaults to the path of the PKCS#11
130            provider library specified via "--with-pkcs11".
131          </para>
132        </listitem>
133      </varlistentry>
134
135      <varlistentry>
136        <term>-f</term>
137        <listitem>
138          <para>
139            Force overwrite: Causes <command>dnssec-revoke</command> to
140            write the new key pair even if a file already exists matching
141            the algorithm and key ID of the revoked key.
142          </para>
143        </listitem>
144      </varlistentry>
145
146      <varlistentry>
147        <term>-R</term>
148        <listitem>
149          <para>
150	    Print the key tag of the key with the REVOKE bit set but do
151	    not revoke the key.
152          </para>
153        </listitem>
154      </varlistentry>
155    </variablelist>
156  </refsect1>
157
158  <refsect1>
159    <title>SEE ALSO</title>
160    <para><citerefentry>
161        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
162      </citerefentry>,
163      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
164      <citetitle>RFC 5011</citetitle>.
165    </para>
166  </refsect1>
167
168  <refsect1>
169    <title>AUTHOR</title>
170    <para><corpauthor>Internet Systems Consortium</corpauthor>
171    </para>
172  </refsect1>
173
174</refentry><!--
175 - Local variables:
176 - mode: sgml
177 - End:
178-->
179