1GENKRF(1)             User Contributed Perl Documentation            GENKRF(1)
2
3
4

NAME

6       genkrf - Generate a keyrec file from Key Signing Key (KSK) and/or Zone
7       Signing Key (ZSK) files
8

SYNOPSIS

10         genkrf [options] <zone-file> [<signed-zone-file>]
11

DESCRIPTION

13       genkrf generates a keyrec file from KSK and/or ZSK files.  It generates
14       new KSK and ZSK keys if needed.
15
16       The name of the keyrec file to be generated is given by the -krfile
17       option.  If this option is not specified, zone-name.krf is used as the
18       name of the keyrec file.  If the keyrec file already exists, it will be
19       overwritten with new keyrec definitions.
20
21       The zone-file argument is required.  It specifies the name of the zone
22       file from which the signed zone file was created.  The optional signed-
23       zone-file argument specifies the name of the signed zone file.  If it
24       is not given, then it defaults to zone-file.signed.  The signed zone
25       file field is, in effect, a dummy field as the zone file is not
26       actually signed.
27

OPTIONS

29       genkrf has a number of options that assist in creation of the keyrec
30       file.  These options will be set to the first value found from this
31       search path:
32
33           command line options
34           DNSSEC-Tools configuration file
35           DNSSEC-Tools defaults
36
37       See tooloptions.pm(3) for more details.  Exceptions to this are given
38       in the option descriptions.
39
40       The genkrf options are described below.
41
42   General genkrf Options
43       -zone zone-name
44           This option specifies the name of the zone.  If it is not given
45           then zone-file will be used as the name of the zone.
46
47       -krfile keyrec-file
48           This option specifies the name of the keyrec file to be generated.
49           If it is not given, then zone-name.krf will be used.
50
51       -algorithm algorithm
52           This option specifies the algorithm used to generate encryption
53           keys.
54
55       -endtime endtime
56           This option specifies the time that the signature on the zone
57           expires, measured in seconds.
58
59       -random random-device
60           Source of randomness used to generate the zone's keys. See the man
61           page for dnssec-signzone for the valid format of this field.
62
63       -verbose
64           Display additional messages during processing.  If this option is
65           given at least once, then a message will be displayed indicating
66           the successful generation of the keyrec file.  If it is given
67           twice, then the values of all options will also be displayed.
68
69       -Version
70           Displays the version information for genkrf and the DNSSEC-Tools
71           package.
72
73       -help
74           Display a usage message.
75
76   KSK-related Options
77       -kskcur KSK-name
78           This option specifies the Current KSK's key file being used to sign
79           the zone.  If this option is not given, a new KSK will be created.
80
81       -kskcount KSK-count
82           This option specifies the number of KSK keys that will be
83           generated.  If this option is not given, the default given in the
84           DNSSEC-Tools configuration file will be used.
85
86       -kskdir KSK-directory
87           This option specifies the absolute or relative path of the
88           directory where the KSK resides.  If this option is not given, it
89           defaults to the current directory ".".
90
91       -ksklength KSK-length
92           This option specifies the length of the KSK encryption key.
93
94       -ksklife KSK-lifespan
95           This option specifies the lifespan of the KSK encryption key.  This
96           lifespan is not inherent to the key itself.  It is only used to
97           determine when the KSK must be rolled over.
98
99   ZSK-related Options
100       -zskcur ZSK-name
101           This option specifies the current ZSK being used to sign the zone.
102           If this option is not given, a new ZSK will be created.
103
104       -zskpub ZSK-name
105           This option specifies the published ZSK for the zone.  If this
106           option is not given, a new ZSK will be created.
107
108       -zskcount ZSK-count
109           This option specifies the number of current and published ZSK keys
110           that will be generated.  If this option is not given, the default
111           given in the DNSSEC-Tools configuration file will be used.
112
113       -zskdir ZSK-directory
114           This option specifies the absolute or relative path of the
115           directory where the ZSKs reside.  If this option is not given, it
116           defaults to the current directory ".".
117
118       -zsklength ZSK-length
119           This option specifies the length of the ZSK encryption key.
120
121       -zsklife ZSK-lifespan
122           This option specifies the lifespan of the ZSK encryption key.  This
123           lifespan is not inherent to the key itself.  It is only used to
124           determine when the ZSK must be rolled over.
125

COPYRIGHT

127       Copyright 2005-2014 SPARTA, Inc.  All rights reserved.  See the COPYING
128       file included with the DNSSEC-Tools package for details.
129

AUTHOR

131       Wayne Morrison, tewok@tislabs.com
132

SEE ALSO

134       dnssec-keygen(8), dnssec-signzone(8), zonesigner(8)
135
136       Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::defaults.pm(3),
137       Net::DNS::SEC::Tools::keyrec.pm(3)
138
139       conf(5), keyrec(5)
140
141
142
143perl v5.34.0                      2021-07-21                         GENKRF(1)