ldns-keygen(1) FreeBSD General Commands Manual ldns-keygen(1)
NAME
ldns-keygen - generate a DNSSEC key pair
SYNOPSIS
ldns-keygen [ OPTION ] DOMAIN
DESCRIPTION
ldns-keygen is used to generate a private/public keypair. When run, it
will create 3 files: a .key file with the public DNSKEY, a .private
file with the private key data, and a .ds file with the DS record of
the DNSKEY record.
ldns-keygen can also be used to create symmetric keys (for TSIG) by
selecting the appropriate algorithm: hmac-md5.sig-alg.reg.int,
hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 or hmac-sha512. In
that case no DS record is created and no .ds file is written.
ldns-keygen prints the basename for the key files: K<name>+<alg>+<id>
OPTIONS
-a <algorithm>
Create a key with this algorithm. Specifying 'list' here gives a
list of supported algorithms. Several alias names are also
accepted (from older versions and other software); the list
gives the names from the RFC. The plain algorithm number is
also accepted.
-b <bits>
Use this many bits for the key length.
-k When given, generate a key signing key. This just sets the flag
field to 257 instead of 256 in the DNSKEY RR in the .key file.
-r device
Make ldns-keygen use this file to seed the random number
generator. This defaults to /dev/random.
-s ldns-keygen will create symbolic links named .private to the newly
generated private key, .key to the public DNSKEY and .ds to the
file containing DS record data.
-f Force symlinks to be overwritten if they exist.
-v Show the version and exit.
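The following shell script is an added example, not part of the original manual or of the ldns project's code. It audits the files behind a basename of the form K<name>+<alg>+<id>: it reads the DNSKEY flags field (257 or 256, as described under -k) and checks that the .private file is not accessible to group or other. The key set Kexample.com.+008+12345, its file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ldns project code): audit the files behind a
# basename of the form K<name>+<alg>+<id> as printed by ldns-keygen.

# Print the flags field that follows the DNSKEY type in BASENAME.key.
dnskey_flags() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "DNSKEY") { print $(i + 1); exit } }' "$1.key"
}

# Print a one-line summary; return 1 if the private key is missing or
# accessible to group/other, or if the flags are neither 256 nor 257.
audit_keyset() {
    base=$1; rc=0
    b=${base##*/}; id=${b##*+}; rest=${b%+*}; alg=${rest##*+}
    name=${rest%+*}; name=${name#K}
    case $(dnskey_flags "$base") in
        257) role=ksk ;;                 # key signing key (-k given)
        256) role=zsk ;;                 # flags value without -k
        *)   role=unknown; rc=1 ;;
    esac
    if [ ! -f "$base.private" ]; then
        priv=missing; rc=1
    elif [ "$(ls -ld "$base.private" | cut -c5-10)" = "------" ]; then
        priv=owner-only                  # no group/other permission bits set
    else
        priv=exposed; rc=1
    fi
    if [ -f "$base.ds" ]; then ds=present; else ds=absent; fi
    echo "name=$name alg=$alg id=$id role=$role private=$priv ds=$ds"
    return $rc
}

# Constructed sample key set (placeholder contents, not real key material).
make_sample() {  # make_sample DIR FLAGS MODE -> prints the basename
    s="$1/Kexample.com.+008+12345"
    printf 'example.com.\tIN\tDNSKEY\t%s 3 8 PLACEHOLDERBASE64\n' "$2" > "$s.key"
    printf 'PLACEHOLDER private keydata\n' > "$s.private"
    chmod "$3" "$s.private"
    printf 'example.com.\tIN\tDS\t12345 8 2 PLACEHOLDERDIGEST\n' > "$s.ds"
    echo "$s"
}

demo_dir=$(mktemp -d)
audit_keyset "$(make_sample "$demo_dir" 257 600)"
audit_keyset "$(make_sample "$demo_dir" 256 644)" || echo "-> tighten with: chmod 600 <basename>.private"
rm -rf "$demo_dir"
```

A key set with no .ds file is reported as ds=absent rather than as a failure, since no .ds file is written for TSIG keys.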
AUTHOR
Written by the ldns team as an example for ldns usage.
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
27 May 2008 ldns-keygen(1)