.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "KEYMOD 1" .TH KEYMOD 1 2023-07-29 "perl v5.38.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME keymod \- Modifies key parameters in a DNSSEC\-Tools keyrec file .SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& keymod [options] keyrec1 ... keyrecN .Ve .SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBkeymod\fR modifies the key parameters in a keyrec file that are used to generate cryptographics keys used to sign zones. The new parameters will be used by \fBzonesigner\fR when generating \fInew\fR keys. It has no effect on existing keys. .PP \&\fBzonesigner\fR will use the new parameter for a zone the next time it generates a key that requires that parameter. This means that, for example, a new ZSK length will not be used during the \fInext\fR invocation of \&\fBzonesigner\fR if that invocation will be performing KSK-rollover actions. .PP The following fields may be modified: .PP .Vb 8 \& kskcount \- count of KSK keys \& ksklength \- length of KSK keys \& ksklife \- lifetime of KSK keys \& random \- random number generator device file \& revperiod \- revocation period for KSK keys \& zskcount \- count of ZSK keys \& zsklength \- length of ZSK keys \& zsklife \- lifetime of ZSK keys .Ve .PP New key/value fields will be added to a zone \fIkeyrec\fR file to inform \&\fBzonesigner\fR that new values should be used. The key portion of the added fields will begin with "new_". For example, a new KSK length of 2048 will be written to the \fIkeyrec\fR file as: .PP .Vb 1 \& new_ksklength 2048 .Ve .PP All zone records in the specified \fIkeyrec\fR file will be modified, unless the \&\fB\-zone\fR option is given. In that case, only the named zone will be modified. .PP If a zone \fIkeyrec\fR already contains a new key/value field, then the value will be modified on subsequent runs of \fBkeymod\fR. .SH OPTIONS .IX Header "OPTIONS" \&\fBkeymod\fR recognizes the following options. Multiple options may be combined in a single \fBkeymod\fR execution. .PP All numeric values must be positive or zero. .PP If a new key/value field should be deleted from a zone \fIkeyrec\fR, then a zero or empty string value should be specified for the appropriate option. .IP "\fB\-zone zonename\fR" 4 .IX Item "-zone zonename" The zone \fIkeyrec\fR whose name matches \fIzonename\fR is selected as the only \&\fIkeyrec\fR that will be modified. If this name is not given, then all zone \&\fIkeyrec\fR records will be modified. .IP "\fB\-ksklength ksklength\fR" 4 .IX Item "-ksklength ksklength" The \fIksklength\fR field will be modified in the selected \fIkeyrec\fR records to the given value. This is a numeric field whose values depend on the cryptographic algorithm to be used to generate keys for the zone. .IP "\fB\-kskcount kskcount\fR" 4 .IX Item "-kskcount kskcount" The \fIkskcount\fR field will be modified in the selected \fIkeyrec\fR records to the given value. This is a numeric field. .IP "\fB\-ksklife ksklife\fR" 4 .IX Item "-ksklife ksklife" The \fIksklife\fR field will be modified in the selected \fIkeyrec\fR records to the given value. This is a numeric field. .IP "\fB\-random random\fR" 4 .IX Item "-random random" The \fIrandom\fR field will be modified in the selected \fIkeyrec\fR records to the given value. This is a text field that will be passed to the key generator. .IP "\fB\-revperiod revperiod\fR" 4 .IX Item "-revperiod revperiod" The \fIrevperiod\fR field will be modified in the selected \fIkeyrec\fR records to the given value. This is a numeric field. .IP "\fB\-zskcount zskcount\fR" 4 .IX Item "-zskcount zskcount" The \fIzskcount\fR field will be modified in the selected \fIkeyrec\fR records to the given value. This is a numeric field. .IP "\fB\-zsklength zsklength\fR" 4 .IX Item "-zsklength zsklength" The \fIzsklength\fR field will be modified in the selected \fIkeyrec\fR records to the given value. This is a numeric field whose values depend on the cryptographic algorithm to be used to generate keys for the zone. .IP "\fB\-zsklife zsklife\fR" 4 .IX Item "-zsklife zsklife" The \fIzsklife\fR field will be modified in the selected \fIkeyrec\fR records to the given value. This is a numeric field. .IP \fB\-nocheck\fR 4 .IX Item "-nocheck" If this option is given, the \fBkrfcheck\fR command will \fBnot\fR be run on the modified \fIkeyrec\fR file. .IP \fB\-verbose\fR 4 .IX Item "-verbose" Display information about every modification made to the \fIkeyrec\fR file. .IP \fB\-Version\fR 4 .IX Item "-Version" Displays the version information for \fBkeymod\fR and the DNSSEC-Tools package. .IP \fB\-help\fR 4 .IX Item "-help" Display a usage message. .SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2012\-2014 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details. .SH AUTHOR .IX Header "AUTHOR" Wayne Morrison, tewok@tislabs.com .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBzonesigner\|(8)\fR, \&\fBkrfcheck\|(8)\fR .PP \&\fBNet::DNS::SEC::Tools::keyrec.pm\|(3)\fR .PP \&\fBfile\-keyrec\|(5)\fR