LSKRF(1)          User Contributed Perl Documentation          LSKRF(1)

NAME

lskrf - List the keyrecs in a DNSSEC-Tools keyrec file

SYNOPSIS

lskrf [options] <keyrec-files>

DESCRIPTION

lskrf lists the contents of the specified keyrec files. All keyrec
files are loaded before the output is displayed. If any keyrecs have
duplicated names, whether within one file or across multiple files, the
later keyrec will be the one whose data are displayed.

lskrf has three base output formats. In ascending levels of detail,
these formats are terse output, default format, and long format. Terse
output is given when the -terse option is specified; long output is
given when the -long option is specified.

The output displayed for each record in a keyrec file depends on the
selected records, the selected attributes, and the selected output
format. Each option in these option groups is described in detail in the
OPTIONS section; the three basic output formats are described in the
OUTPUT FORMATS section.

OUTPUT FORMATS

keyrec files hold three types of keyrec records: zone records, signing
set records, and key records. Each type of keyrec record contains
keyrec fields related to that type. For example, zone keyrec records
contain data about all the keys associated with a particular zone; key
keyrec records contain key lengths and algorithms for each particular
key. The data to be printed must be specified by selecting some
combination of the -zone, -set, -key, and -all options. There are also
options for specifying specific types of keys to be printed.

The three base output formats are the default format, the terse format,
and the long format. The -terse option indicates that a minimal amount
of output is desired; the -long option indicates that a great deal of
output is desired. The record-selection and attribute-selection
options may be used in conjunction with -terse to display exactly the
set of keyrec fields needed. The default output format is a middle
ground between terse and long output and is the one used when neither
-terse nor -long is given.

Zone keyrec Output

The table below shows the zone keyrec fields displayed for each output
format.

    keyrec field            default   terse   long
    ------------            -------   -----   ----
    keyrec type             yes       no      yes
    zone name               yes       yes     yes
    zone file               yes       no      yes
    signed zonefile         yes       no      yes
    signing date            yes       no      yes
    expiration date         no        no      yes
    archive directory       no        no      yes
    KSK count               no        no      yes
    KSK directory           no        no      yes
    current KSK set         no        no      yes
    published KSK set       no        no      yes
    ZSK count               no        no      yes
    ZSK directory           no        no      yes
    current ZSK set         no        no      yes
    published ZSK set       no        no      yes
    new ZSK set             no        no      yes

Set keyrec Output

The table below shows the signing set keyrec fields displayed for each
output format.

    keyrec field            default   terse   long
    ------------            -------   -----   ----
    keyrec type             no        no      yes
    set name                yes       yes     yes
    zone name               yes       no      yes
    keys                    yes       no      yes
    last modification date  no        no      yes

Key keyrec Output

The table below shows the key keyrec fields displayed for each output
format.

    keyrec field            default   terse   long
    ------------            -------   -----   ----
    keyrec type             yes       no      yes
    key name                yes       yes     yes
    algorithm               no        no      yes
    end date                no        no      yes
    generation date         yes       no      yes
    key length              no        no      yes
    key life                no        no      yes
    key path                no        no      yes
    keys                    no        no      yes
    random number generator no        no      yes
    zone name               yes       no      yes

OPTIONS

lskrf takes three types of options: record-selection options,
record-attribute options, and output-style options. These option sets
are detailed below.

Record-selection options are required options; at least one
record-selection option must be selected. Record-attribute options and
output-style options are optional; any number of these options may
be selected.

Record-Selection Options

These options select the types of keyrec that will be displayed.

-all
    This option displays all the records in a keyrec file.

-zones
    This option displays the zones in a keyrec file.

-sets
    This option displays the signing sets in a keyrec file.

-keys
    This option displays the keys in a keyrec file.

    The key data are sorted by key type in the following order:
    Current KSKs, Published KSKs, Current ZSKs, Published ZSKs, New ZSKs,
    Obsolete KSKs, and Obsolete ZSKs.

-ksk
    This option displays the KSK keys in a keyrec file.

-kcur
    This option displays the Current KSK keys in a keyrec file.

-kpub
    This option displays the Published KSK keys in a keyrec file.

-kobs
    This option displays the obsolete KSK keys in a keyrec file. This
    option must be given if obsolete KSK keys are to be displayed.

-zsk
    This option displays the ZSK keys in a keyrec file. It does not
    include obsolete ZSK keys; the -obs option must be specified to
    display obsolete keys.

-cur
    This option displays the Current ZSK keys in a keyrec file.

-new
    This option displays the New ZSK keys in a keyrec file.

-pub
    This option displays the Published ZSK keys in a keyrec file.

-zobs
    This option displays the obsolete ZSK keys in a keyrec file. This
    option must be given if obsolete ZSK keys are to be displayed.

-obs
    This option displays the obsolete KSK and ZSK keys in a keyrec
    file. This option is a shorthand method of specifying the -kobs and
    -zobs options.

Record-Attribute Options

These options select subsets of the keyrecs chosen by the
record-selection options.

-valid
    This option displays the valid zones in a keyrec file. It implies
    the -zones option.

-expired
    This option displays the expired zones in a keyrec file. It
    implies the -zones option.

-ref
    This option displays the referenced signing set keyrecs and the
    referenced key keyrecs in a keyrec file, depending upon other
    selected options.

    Referenced state depends on the following:

        * Signing sets are considered to be referenced if they
          are listed in a zone keyrec.

        * KSKs are considered to be referenced if they are listed
          in a signing set keyrec that is listed in a zone keyrec.

        * ZSKs are considered to be referenced if they are listed
          in a signing set keyrec that is listed in a zone keyrec.

    This option may be used with either the -sets or -keys options. If
    it isn't used with any record-selection options, then it is assumed
    that both -sets and -keys have been specified.

-unref
    This option displays the unreferenced signing set keyrecs or the
    unreferenced key keyrecs in a keyrec file, depending upon other
    selected options.

    Unreferenced state depends on the following:

        * Signing sets are considered to be unreferenced if they
          are not listed in a zone keyrec.

        * KSKs are considered to be unreferenced if they are not listed
          in a signing set keyrec that is listed in a zone keyrec.

        * ZSKs are considered to be unreferenced if they are not listed
          in a signing set keyrec that is listed in a zone keyrec.

        * Obsolete ZSKs are checked, whether or not the -obs flag
          was specified.

    This option may be used with either the -sets or -keys options. If
    it isn't used with any record-selection options, then it is assumed
    that both -sets and -keys have been specified.

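The -ref and -unref rules above, combined with the rule that a later keyrec replaces an earlier one of the same name, modelled as an added example (not code from lskrf or DNSSEC-Tools). The in-memory record layout, the field names, and the sample records are constructed for illustration and are not the keyrec file format.

```python
# Added example: models lskrf's -ref / -unref rules on constructed data.
# Record layout and field names are hypothetical, not the keyrec file format.
ZONE_SET_FIELDS = ("kskcur", "kskpub", "zskcur", "zskpub", "zsknew")

def load_keyrecs(*files):
    """Load every file before reporting; a later duplicate name wins."""
    merged = {}
    for records in files:
        for rec in records:
            merged[rec["name"]] = rec
    return merged

def classify(keyrecs):
    """Split signing sets and keys into referenced and unreferenced."""
    zones = [r for r in keyrecs.values() if r["type"] == "zone"]
    sets = {n: r for n, r in keyrecs.items() if r["type"] == "set"}
    keys = {n for n, r in keyrecs.items() if r["type"] == "key"}
    # A set is referenced only if some zone keyrec lists it.
    ref_sets = {z[f] for z in zones for f in ZONE_SET_FIELDS if z.get(f)} & set(sets)
    # A key is referenced only through a set that is itself referenced.
    ref_keys = {k for s in ref_sets for k in sets[s]["keys"]} & keys
    return {
        "ref_sets": sorted(ref_sets),
        "unref_sets": sorted(set(sets) - ref_sets),
        "ref_keys": sorted(ref_keys),
        "unref_keys": sorted(keys - ref_keys),
    }

def key(n):
    """Build a constructed key record with a made-up key name."""
    return {"type": "key", "name": f"Kexample.com.+005+{n:05d}"}

K = [key(n)["name"] for n in range(1, 6)]
FILE_A = [  # constructed sample records
    {"type": "zone", "name": "example.com", "kskcur": "ss-ksk-1", "zskcur": "ss-zsk-1"},
    {"type": "set", "name": "ss-ksk-1", "keys": [K[0]]},
    {"type": "set", "name": "ss-zsk-1", "keys": [K[1]]},
    {"type": "set", "name": "ss-old", "keys": [K[2]]},  # no zone lists this set
    key(1), key(2), key(3), key(4),                     # key 4 is in no set at all
]
FILE_B = [  # later file redefines ss-zsk-1; its key list replaces the earlier one
    {"type": "set", "name": "ss-zsk-1", "keys": [K[1], K[4]]},
    key(5),
]

if __name__ == "__main__":
    for label, names in classify(load_keyrecs(FILE_A, FILE_B)).items():
        print(f"{label}: {', '.join(names)}")
```

A key listed only in an unreferenced set is itself unreferenced, which is why the third key lands in the unreferenced list alongside the key that belongs to no set.
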
Zone-Attribute Options

These options allow specific zone fields to be included in the output.
If combined with the -terse option, only those fields specifically
desired will be printed. These options must be used with the -zone
option.

-z-archdir
    Display the zone's archive directory. If an archive directory is
    not explicitly set for the zone, the default directory will be
    listed.

-z-dates
    Display the zone's time-stamps. These are the signing date and the
    expiration date.

-z-dirs
    Display the zone's directories. These directories are the KSK
    directory, the ZSK directory, and the key archive directory.

-z-expdate
    Display the zone's expiration date.

-z-ksk
    Display the zone's KSK data. This is the equivalent of specifying
    the -z-kskcount, -z-kskcur, -z-kskdir, and -z-kskpub options.

-z-kskcount
    Display the zone's KSK count.

-z-kskcur
    Display the zone's Current KSK signing set. If this is not
    defined, then "<unset>" will be given.

-z-kskdir
    Display the zone's KSK directory. If this is not defined, then "."
    will be given.

-z-kskpub
    Display the zone's Published KSK signing set. If this is not
    defined, then "<unset>" will be given.

-z-sets
    Display the zone's signing sets. This is the equivalent of
    specifying the -z-kskcur, -z-kskpub, -z-zskcur, -z-zsknew, and
    -z-zskpub options.

-z-signdate
    Display the zone's signing date.

-z-signfile
    Display the zone's signed zonefile.

-z-zonefile
    Display the zone's zonefile.

-z-zsk
    Display the zone's ZSK data. This is the equivalent of specifying
    the -z-zskcount, -z-zskcur, -z-zskdir, -z-zsknew, and -z-zskpub
    options.

-z-zskcount
    Display the zone's ZSK count.

-z-zskcur
    Display the zone's Current ZSK signing set. If this is not
    defined, then "<unset>" will be given.

-z-zskdir
    Display the zone's ZSK directory. If this is not defined, then "."
    will be given.

-z-zsknew
    Display the zone's New ZSK signing set. If this is not defined,
    then "<unset>" will be given.

-z-zskpub
    Display the zone's Published ZSK signing set. If this is not
    defined, then "<unset>" will be given.

Set-Attribute Options

These options allow specific set fields to be included in the output.
If combined with the -terse option, only those fields specifically
desired will be printed. These options must be used with the -set
option.

-s-keys
    Display the set's keys.

-s-lastmod
    Display the set's date of last modification.

-s-zone
    Display the set's zone name.

Key-Attribute Options

These options allow specific key fields to be included in the output.
If combined with the -terse option, only those fields specifically
desired will be printed. These options must be used with the -key
option.

-k-algorithm
    Display the key's encryption algorithm.

-k-enddate
    Display the key's end-date, calculated by adding the key's lifespan
    to its signing date.

-k-length
    Display the key's length.

-k-lifespan
    Display the key's lifespan (in seconds). This lifespan is only
    related to the time between key roll-overs. There is no other
    lifespan associated with a key.

-k-path
    Display the key's path.

-k-random
    Display the key's random number generator.

-k-signdate
    Display the key's signing date.

-k-zone
    Display the key's zonefile.

Output-Format Options

These options define how the keyrec information will be displayed.

Without any of these options, the zone name, zone file, zone-signing
date, and a label will be displayed for zones. For types, the key
name, the key's zone, the key's generation date, and a label will be
displayed if these options aren't given.

-count
    The count of matching records will be displayed, but the matching
    records will not be.

-nodate
    The key's generation date will not be printed if this flag is
    given.

-headers
    Display explanatory column headers. If this flag is given, then
    entry labels will not be printed unless explicitly requested by use
    of the -label option.

-label
    A label for the keyrec's type will be given.

-long
    The long form of output will be given. See the OUTPUT FORMATS
    section for details on data printed for each type of keyrec record.

    Long zone output can get very wide, depending on the data.

-terse
    This option displays only the name of the zones or keys selected
    by other options.

-help
    Display a usage message and exit.

-h-zones
    Display the zone-attribute options and exit.

-h-sets
    Display the set-attribute options and exit.

-h-keys
    Display the key-attribute options and exit.

COPYRIGHT

Copyright 2005-2007 SPARTA, Inc. All rights reserved. See the COPYING
file included with the DNSSEC-Tools package for details.

AUTHOR

Wayne Morrison, tewok@users.sourceforge.net

SEE ALSO

zonesigner(8)

Net::DNS::SEC::Tools::keyrec.pm(3)

file-keyrec(5)

perl v5.8.8                      2007-09-14                      LSKRF(1)