path: root/test/fixtures/dnssec-keygen/dnssec-keygen
#!/bin/sh
#
# Test fixture that stands in for the dnssec-keygen binary.
#
# Behaviour: ignores every argument, writes the usage text below to stderr
# and exits with status 255. It never generates or writes key material.
#
# NOTE(review): the usage text is presumably captured from the dnssec-keygen
# build named in its "Version:" line; keep it byte-for-byte (including the tab
# characters in the key-size table) in case tests compare against it.
# The algorithms and defaults it lists (for example RSASHA1 and 1024-bit
# non-KSK keys) are fixture data describing that build, not guidance on
# algorithm or key-size choice.

# Emit the usage text on stdout; the caller decides where it goes.
# The quoted delimiter keeps the shell from expanding anything in the text.
print_usage() {
  cat <<'EOF'
Usage:
    dnssec-keygen [options] name

Version: 9.11.3-1ubuntu1.5-Ubuntu
    name: owner of the key
Options:
    -K <directory>: write keys into directory
    -a <algorithm>:
        RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1 | NSEC3DSA |
        RSASHA256 | RSASHA512 | ECCGOST |
        ECDSAP256SHA256 | ECDSAP384SHA384 |
        ED25519 | ED448 | DH |
        HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 |
        HMAC-SHA384 | HMAC-SHA512
       (default: RSASHA1, or NSEC3RSASHA1 if using -3)
    -3: use NSEC3-capable algorithm
    -b <key size in bits>:
        RSAMD5:	[512..4096]
        RSASHA1:	[512..4096]
        NSEC3RSASHA1:	[512..4096]
        RSASHA256:	[512..4096]
        RSASHA512:	[1024..4096]
        DH:		[128..4096]
        DSA:		[512..1024] and divisible by 64
        NSEC3DSA:	[512..1024] and divisible by 64
        ECCGOST:	ignored
        ECDSAP256SHA256:	ignored
        ECDSAP384SHA384:	ignored
        ED25519:	ignored
        ED448:	ignored
        HMAC-MD5:	[1..512]
        HMAC-SHA1:	[1..160]
        HMAC-SHA224:	[1..224]
        HMAC-SHA256:	[1..256]
        HMAC-SHA384:	[1..384]
        HMAC-SHA512:	[1..512]
        (if using the default algorithm, key size
        defaults to 2048 for KSK, or 1024 for all others)
    -n <nametype>: ZONE | HOST | ENTITY | USER | OTHER
        (DNSKEY generation defaults to ZONE)
    -c <class>: (default: IN)
    -d <digest bits> (0 => max, default)
    -E <engine>:
        name of an OpenSSL engine to use
    -f <keyflag>: KSK | REVOKE
    -g <generator>: use specified generator (DH only)
    -L <ttl>: default key TTL
    -p <protocol>: (default: 3 [dnssec])
    -r <randomdev>: a file containing random data
    -s <strength>: strength value this key signs DNS records with (default: 0)
    -T <rrtype>: DNSKEY | KEY (default: DNSKEY; use KEY for SIG(0))
    -t <type>: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF)
    -h: print usage and exit
    -m <memory debugging mode>:
       usage | trace | record | size | mctx
    -v <level>: set verbosity level (0 - 10)
    -V: print version information
Timing options:
    -P date/[+-]offset/none: set key publication date (default: now)
    -P sync date/[+-]offset/none: set CDS and CDNSKEY publication date
    -A date/[+-]offset/none: set key activation date (default: now)
    -R date/[+-]offset/none: set key revocation date
    -I date/[+-]offset/none: set key inactivation date
    -D date/[+-]offset/none: set key deletion date
    -D sync date/[+-]offset/none: set CDS and CDNSKEY deletion date
    -G: generate key only; do not set -P or -A
    -C: generate a backward-compatible key, omitting all dates
    -S <key>: generate a successor to an existing key
    -i <interval>: prepublication interval for successor key (default: 30 days)
Output:
     K<name>+<alg>+<id>.key, K<name>+<alg>+<id>.private
EOF
}

# Usage goes to stderr, then the stub reports failure unconditionally.
print_usage >&2
exit 255