1KEYMOD(1) User Contributed Perl Documentation KEYMOD(1)
2
6 keymod - Modifies key parameters in a DNSSEC-Tools keyrec file
7
9 keymod [options] keyrec1 ... keyrecN
10
12 keymod modifies the key parameters in a keyrec file that are used to
13 generate cryptographics keys used to sign zones. The new parameters
14 will be used by zonesigner when generating new keys. It has no effect
15 on existing keys.
16 zonesigner will use the new parameter for a zone the next time it
18 generates a key that requires that parameter. This means that, for
19 example, a new ZSK length will not be used during the next invocation
20 of zonesigner if that invocation will be performing KSK-rollover
21 actions.
22 The following fields may be modified:
24 kskcount - count of KSK keys
26 ksklength - length of KSK keys
27 ksklife - lifetime of KSK keys
28 random - random number generator device file
29 revperiod - revocation period for KSK keys
30 zskcount - count of ZSK keys
31 zsklength - length of ZSK keys
32 zsklife - lifetime of ZSK keys
33 New key/value fields will be added to a zone keyrec file to inform
35 zonesigner that new values should be used. The key portion of the
36 added fields will begin with "new_". For example, a new KSK length of
37 2048 will be written to the keyrec file as:
38 new_ksklength 2048
40 All zone records in the specified keyrec file will be modified, unless
42 the -zone option is given. In that case, only the named zone will be
43 modified.
44 If a zone keyrec already contains a new key/value field, then the value
46 will be modified on subsequent runs of keymod.
47
49 keymod recognizes the following options. Multiple options may be
50 combined in a single keymod execution.
51 All numeric values must be positive or zero.
53 If a new key/value field should be deleted from a zone keyrec, then a
55 zero or empty string value should be specified for the appropriate
56 option.
57 -zone zonename
59 The zone keyrec whose name matches zonename is selected as the only
60 keyrec that will be modified. If this name is not given, then all
61 zone keyrec records will be modified.
62 -ksklength ksklength
64 The ksklength field will be modified in the selected keyrec records
65 to the given value. This is a numeric field whose values depend on
66 the cryptographic algorithm to be used to generate keys for the
67 zone.
68 -kskcount kskcount
70 The kskcount field will be modified in the selected keyrec records
71 to the given value. This is a numeric field.
72 -ksklife ksklife
74 The ksklife field will be modified in the selected keyrec records
75 to the given value. This is a numeric field.
76 -random random
78 The random field will be modified in the selected keyrec records to
79 the given value. This is a text field that will be passed to the
80 key generator.
81 -revperiod revperiod
83 The revperiod field will be modified in the selected keyrec records
84 to the given value. This is a numeric field.
85 -zskcount zskcount
87 The zskcount field will be modified in the selected keyrec records
88 to the given value. This is a numeric field.
89 -zsklength zsklength
91 The zsklength field will be modified in the selected keyrec records
92 to the given value. This is a numeric field whose values depend on
93 the cryptographic algorithm to be used to generate keys for the
94 zone.
95 -zsklife zsklife
97 The zsklife field will be modified in the selected keyrec records
98 to the given value. This is a numeric field.
99 -nocheck
101 If this option is given, the krfcheck command will not be run on
102 the modified keyrec file.
103 -verbose
105 Display information about every modification made to the keyrec
106 file.
107 -Version
109 Displays the version information for keymod and the DNSSEC-Tools
110 package.
111 -help
113 Display a usage message.
114
116 Copyright 2012-2014 SPARTA, Inc. All rights reserved. See the COPYING
117 file included with the DNSSEC-Tools package for details.
118
120 Wayne Morrison, tewok@tislabs.com
121
123 zonesigner(8), krfcheck(8)
124 Net::DNS::SEC::Tools::keyrec.pm(3)
126 file-keyrec(5)
128perl v5.36.0 2023-01-19 KEYMOD(1)