GENKRF(1)             User Contributed Perl Documentation            GENKRF(1)

NAME

       genkrf - Generate a keyrec file from Key Signing Key (KSK) and/or Zone
       Signing Key (ZSK) files

SYNOPSIS

         genkrf [options] <zone-file> [<signed-zone-file>]

DESCRIPTION

       genkrf generates a keyrec file from KSK and/or ZSK files.  It generates
       new KSK and ZSK keys if needed.

       The name of the keyrec file to be generated is given by the -krfile
       option.  If this option is not specified, zone-name.krf is used as the
       name of the keyrec file.  If the keyrec file already exists, it will be
       overwritten with new keyrec definitions.

       The zone-file argument is required.  It specifies the name of the zone
       file from which the signed zone file was created.  The optional signed-
       zone-file argument specifies the name of the signed zone file.  If it
       is not given, then it defaults to zone-file.signed.
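
       Added example (not part of the original manual page or the DNSSEC-Tools
       distribution): because genkrf overwrites an existing keyrec file, this
       shell wrapper copies the old file aside first, deriving the target name
       from the -krfile and -zone defaults documented on this page.  The GENKRF
       variable and the .bak.<timestamp> suffix are assumptions of the example.

```shell
#!/bin/sh
# Added example (not DNSSEC-Tools code): keep a copy of an existing keyrec
# file before genkrf overwrites it.
# Assumptions: the GENKRF variable (command to run, default "genkrf") and the
# ".bak.<timestamp>" backup name are inventions of this example.

# krf_path ZONE_FILE [ZONE_NAME] [KRFILE]
# Print the keyrec file name genkrf will write, using the documented defaults:
# -krfile if given, otherwise zone-name.krf, where zone-name falls back to
# the zone-file argument when -zone is not given.
krf_path() {
    kp_zone_name=${2:-$1}
    if [ -n "${3:-}" ]; then
        printf '%s\n' "$3"
    else
        printf '%s\n' "$kp_zone_name.krf"
    fi
}

# safe_genkrf ZONE_FILE [ZONE_NAME] [KRFILE]
# Back up the target keyrec file if it exists, then run genkrf.
safe_genkrf() {
    sg_zone_file=$1
    sg_zone_name=${2:-}
    sg_krfile=${3:-}
    sg_target=$(krf_path "$sg_zone_file" "$sg_zone_name" "$sg_krfile") || return 1

    if [ -e "$sg_target" ]; then
        sg_backup="$sg_target.bak.$(date +%Y%m%d%H%M%S)"
        # Never clobber an earlier backup taken within the same second.
        [ ! -e "$sg_backup" ] || { echo "backup $sg_backup exists" >&2; return 1; }
        # cp -p preserves mode and ownership; keyrec files point at key material.
        cp -p "$sg_target" "$sg_backup" || return 1
        echo "kept previous keyrec file as $sg_backup" >&2
    fi

    # Rebuild the argument list from options documented on this page.
    set --
    if [ -n "$sg_zone_name" ]; then set -- "$@" -zone "$sg_zone_name"; fi
    if [ -n "$sg_krfile" ]; then set -- "$@" -krfile "$sg_krfile"; fi
    ${GENKRF:-genkrf} -verbose "$@" "$sg_zone_file"
}

# Usage: safe_genkrf db.example.com example.com
```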

OPTIONS

       genkrf has a number of options that assist in creation of the keyrec
       file.  These options will be set to the first value found from this
       search path:

           command line options
           DNSSEC-Tools configuration file
           DNSSEC-Tools defaults

       See tooloptions.pm(3) for more details.  Exceptions to this are given
       in the option descriptions.

       The genkrf options are described below.

       General genkrf Options

       -zone zone-name
           This option specifies the name of the zone.  If it is not given
           then zone-file will be used as the name of the zone.

       -krfile keyrec-file
           This option specifies the name of the keyrec file to be generated.
           If it is not given, then zone-name.krf will be used.

       -algorithm algorithm
           This option specifies the algorithm used to generate encryption
           keys.

       -endtime endtime
           This option specifies the time that the signature on the zone
           expires, measured in seconds.

       -random random-device
           Source of randomness used to generate the zone's keys. See the man
           page for dnssec-signzone for the valid format of this field.

       -verbose
           Display additional messages during processing.  If this option is
           given at least once, then a message will be displayed indicating
           the successful generation of the keyrec file.  If it is given
           twice, then the values of all options will also be displayed.

       -help
           Display a usage message.

       KSK-related Options

       -kskcur KSK-name
           This option specifies the Current KSK's key file being used to sign
           the zone.  If this option is not given, a new KSK will be created.

       -kskcount KSK-count
           This option specifies the number of KSK keys that will be
           generated.  If this option is not given, the default given in the
           DNSSEC-Tools configuration file will be used.

       -kskdir KSK-directory
           This option specifies the absolute or relative path of the
           directory where the KSK resides.  If this option is not given, it
           defaults to the current directory ".".

       -ksklength KSK-length
           This option specifies the length of the KSK encryption key.

       -ksklife KSK-lifespan
           This option specifies the lifespan of the KSK encryption key.  This
           lifespan is not inherent to the key itself.  It is only used to
           determine when the KSK must be rolled over.

       ZSK-related Options

       -zskcur ZSK-name
           This option specifies the current ZSK being used to sign the zone.
           If this option is not given, a new ZSK will be created.

       -zskpub ZSK-name
           This option specifies the published ZSK for the zone.  If this
           option is not given, a new ZSK will be created.

       -zskcount ZSK-count
           This option specifies the number of current and published ZSK keys
           that will be generated.  If this option is not given, the default
           given in the DNSSEC-Tools configuration file will be used.

       -zskdir ZSK-directory
           This option specifies the absolute or relative path of the
           directory where the ZSKs reside.  If this option is not given, it
           defaults to the current directory ".".

       -zsklength ZSK-length
           This option specifies the length of the ZSK encryption key.

       -zsklife ZSK-lifespan
           This option specifies the lifespan of the ZSK encryption key.  This
           lifespan is not inherent to the key itself.  It is only used to
           determine when the ZSK must be rolled over.

COPYRIGHT

       Copyright 2005-2007 SPARTA, Inc.  All rights reserved.  See the COPYING
       file included with the DNSSEC-Tools package for details.

AUTHOR

       Wayne Morrison, tewok@users.sourceforge.net

SEE ALSO

       dnssec-keygen(8), dnssec-signzone(8), zonesigner(8)

       Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::defaults.pm(3),
       Net::DNS::SEC::Tools::keyrec.pm(3)

       conf(5), keyrec(5)



perl v5.8.8                       2007-09-14                         GENKRF(1)