SunOS man pages : dnskeygen (1)

Maintenance Commands                                dnskeygen(1M)


dnskeygen - generate public, private, and shared secret keys for DNS


dnskeygen [ [ -DHR ] size ] [ -F ] [ -zhu ] [ -a ] [ -c ] [ -p num ] [ -s num ] -n name


The dnskeygen utility generates and maintains keys for DNS security within the Domain Name System ("DNS"). Use dnskeygen to generate public and private keys to authenticate zone data, or shared secret keys for request and transaction signatures.

dnskeygen stores each key in two files:

     K<name>+<algorithm>+<footprint>.private
     K<name>+<algorithm>+<footprint>.key

The private key is stored in a portable format within K<name>+<alg>+<footprint>.private. The public key is stored in K<name>+<alg>+<footprint>.key in the DNS zone file format:

     <name> IN KEY <flags> <algorithm> <protocol> <exponent|modulus>

The underlying cryptographic math is done by the DNSSAFE and Foundation Toolkit libraries.
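The following audit of a key directory is an added example, not part of the original man page or of dnskeygen itself. It relies on the K<name>+<algorithm>+<footprint> file naming and the IN KEY record format described above; the finding labels, and the policy that a .private file should carry no group or other permission bits, are assumptions.

```sh
#!/bin/sh
# Added example: audit a directory holding dnskeygen output files.
# Assumed policy (not from the man page): the .private half of each pair
# must have no group/other permission bits set.

# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
audit_dnskeys() {
    dir=$1
    found=0
    for priv in "$dir"/K*+*+*.private; do
        [ -e "$priv" ] || continue            # glob matched nothing
        base=${priv%.private}
        # Mode string from ls, e.g. "-rw-------"; characters 5-10 are group/other.
        mode=$(ls -ld "$priv" | cut -c1-10)
        case $mode in
            -???------) ;;
            *) echo "LOOSE_PERMS $mode ${priv##*/}"; found=1 ;;
        esac
        if [ ! -f "$base.key" ]; then
            echo "MISSING_PUBLIC ${base##*/}.key"; found=1
        elif ! grep -q 'IN[[:space:]]\{1,\}KEY' "$base.key"; then
            # The public half should be a zone-file KEY record.
            echo "BAD_FORMAT ${base##*/}.key"; found=1
        fi
    done
    for pub in "$dir"/K*+*+*.key; do
        [ -e "$pub" ] || continue
        base=${pub%.key}
        if [ ! -f "$base.private" ]; then
            echo "ORPHAN_PUBLIC ${pub##*/}"; found=1
        fi
    done
    return $found
}
```

Call it as audit_dnskeys /path/to/keydir; a non-zero return means at least one finding was printed.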


The dnskeygen utility supports the following options:

     -D        Generate a DSA/DSS key. The value of size must be one of the following: 512, 576, 640, 704, 768, 832, 896, 960 or 1024.

     -F        Use a large exponent for key generation. Use for RSA only.

     -H        Generate an HMAC-MD5 key. The value of size must be between 128 and 504.

     -R        Generate an RSA key. The value of size must be between 512 and 4096.

     -a        Cannot use key for authentication.

     -c        Cannot use key for encryption.

     -h        Generate host or service key.

     -n name   Set the key's name to name.

     -p num    Set the key's protocol field to num. The values for num are as follows:

               3     If -z or -h is specified (DNSSEC), this is the default value.
               2     Unless specified, the default value for all other options.
               1     Use this value for TLS.
               4     Use this value for IPSEC.
               255   Use this value for ANY.

     -s num    Set the key's strength field to num. The default value of num is 0.

     -u        Generate User key, for example, for email.

     -z        Generate Zone key for DNS validation.


See attributes(5) for descriptions of the following attributes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|
    | Interface Stability         | Standard Bind 8.2.2         |
    |_____________________________|_____________________________|


attributes(5)

Eastlake III, D. and Kaufman, C. RFC 2065, Domain Name System Security Extension. Network Working Group. January 1997.

Vixie, P., Gudmundsson, O., Eastlake III, D., and Wellington, B. RFC 2845, Secret Key Transaction Authentication for DNS (TSIG). Network Working Group. May 2000.

SunOS 5.8                 Last change: 14 Dec 2000