1KEYMOD(1)             User Contributed Perl Documentation            KEYMOD(1)
2
3
4

NAME

6       keymod - Modifies key parameters in a DNSSEC-Tools keyrec file
7

SYNOPSIS

9         keymod [options] keyrec1 ... keyrecN
10

DESCRIPTION

12       keymod modifies the key parameters in a keyrec file that are used to
13       generate cryptographics keys used to sign zones.  The new parameters
14       will be used by zonesigner when generating new keys.  It has no effect
15       on existing keys.
16
17       zonesigner will use the new parameter for a zone the next time it
18       generates a key that requires that parameter.  This means that, for
19       example, a new ZSK length will not be used during the next invocation
20       of zonesigner if that invocation will be performing KSK-rollover
21       actions.
22
23       The following fields may be modified:
24
25           kskcount - count of KSK keys
26           ksklength - length of KSK keys
27           ksklife - lifetime of KSK keys
28           random - random number generator device file
29           revperiod - revocation period for KSK keys
30           zskcount - count of ZSK keys
31           zsklength - length of ZSK keys
32           zsklife - lifetime of ZSK keys
33
34       New key/value fields will be added to a zone keyrec file to inform
35       zonesigner that new values should be used.  The key portion of the
36       added fields will begin with "new_".  For example, a new KSK length of
37       2048 will be written to the keyrec file as:
38
39           new_ksklength        2048
40
41       All zone records in the specified keyrec file will be modified, unless
42       the -zone option is given.  In that case, only the named zone will be
43       modified.
44
45       If a zone keyrec already contains a new key/value field, then the value
46       will be modified on subsequent runs of keymod.
47

OPTIONS

49       keymod recognizes the following options.  Multiple options may be
50       combined in a single keymod execution.
51
52       All numeric values must be positive or zero.
53
54       If a new key/value field should be deleted from a zone keyrec, then a
55       zero or empty string value should be specified for the appropriate
56       option.
57
58       -zone zonename
59           The zone keyrec whose name matches zonename is selected as the only
60           keyrec that will be modified.  If this name is not given, then all
61           zone keyrec records will be modified.
62
63       -ksklength ksklength
64           The ksklength field will be modified in the selected keyrec records
65           to the given value.  This is a numeric field whose values depend on
66           the cryptographic algorithm to be used to generate keys for the
67           zone.
68
69       -kskcount kskcount
70           The kskcount field will be modified in the selected keyrec records
71           to the given value.  This is a numeric field.
72
73       -ksklife ksklife
74           The ksklife field will be modified in the selected keyrec records
75           to the given value.  This is a numeric field.
76
77       -random random
78           The random field will be modified in the selected keyrec records to
79           the given value.  This is a text field that will be passed to the
80           key generator.
81
82       -revperiod revperiod
83           The revperiod field will be modified in the selected keyrec records
84           to the given value.  This is a numeric field.
85
86       -zskcount zskcount
87           The zskcount field will be modified in the selected keyrec records
88           to the given value.  This is a numeric field.
89
90       -zsklength zsklength
91           The zsklength field will be modified in the selected keyrec records
92           to the given value.  This is a numeric field whose values depend on
93           the cryptographic algorithm to be used to generate keys for the
94           zone.
95
96       -zsklife zsklife
97           The zsklife field will be modified in the selected keyrec records
98           to the given value.  This is a numeric field.
99
100       -nocheck
101           If this option is given, the krfcheck command will not be run on
102           the modified keyrec file.
103
104       -verbose
105           Display information about every modification made to the keyrec
106           file.
107
108       -Version
109           Displays the version information for keymod and the DNSSEC-Tools
110           package.
111
112       -help
113           Display a usage message.
114
116       Copyright 2012-2014 SPARTA, Inc.  All rights reserved.  See the COPYING
117       file included with the DNSSEC-Tools package for details.
118

AUTHOR

120       Wayne Morrison, tewok@tislabs.com
121

SEE ALSO

123       zonesigner(8), krfcheck(8)
124
125       Net::DNS::SEC::Tools::keyrec.pm(3)
126
127       file-keyrec(5)
128
129
130
131perl v5.32.1                      2021-01-26                         KEYMOD(1)
Impressum