TSIG Toolbag: dnssec-keygen

- Use dnssec-keygen to generate TSIG keys
- Usage:
      dnssec-keygen -a alg -b bits -n type [options] name
- Use HMAC-MD5 as algorithm
- type is host
- Bitsize: 256 or larger
- Name: unique identifier
    - Suggested: host-host.domain.foo.
    - We use: me-friend because of formatting constraints

Usage:
    dnssec-keygen -a alg -b bits -n type [options] name

Required options:
    -a algorithm: RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5
    -b key size, in bits:
        RSAMD5:     [512..4096]
        RSASHA1:     [512..4096]
        DH:     [128..4096]
        DSA:     [512..1024] and divisible by 64
        HMAC-MD5:   [1..512]
    -n nametype: ZONE | HOST | ENTITY | USER
    name: owner of the key
Other options:
    -c <class> (default: IN)
    -e use large exponent (RSAMD5/RSASHA1 only)
    -g <generator> use specified generator (DH only)
    -t <type>: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF)
    -p <protocol>: default: 3 [dnssec]
    -s <strength> strength value this key signs DNS records with (default: 0)
    -r <randomdev>: a file containing random data
    -v <verbose level>
Output:
     K<name>+<alg>+<id>.key, K<name>+<alg>+<id>.private

TSIG keys are just base64-encoded strings.

There are alternative ways to generate them:
    echo "This is a  passphrase" | mmencode -b

or use a little Perl script:

#!/usr/bin/perl
# Join the command-line arguments with spaces and print them base64-encoded.
use MIME::Base64;
print encode_base64("@ARGV");
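
Since a TSIG secret is only a base64 string, its real size is easy to check before it is shared with the other server. The Python sketch below is an added example, not part of the original slides: it draws a secret from the OS random source, measures the decoded length of any base64 secret against the 256-bit minimum recommended above, and renders a BIND named.conf key statement. The function names and the name-character check are assumptions made for this illustration, and the passphrase input is the constructed one from the echo example.

```python
import base64
import binascii
import re
import secrets

MIN_BITS = 256  # the slide's recommendation: "Bitsize: 256 or larger"
MAX_BITS = 512  # upper bound dnssec-keygen lists for HMAC-MD5


def generate_secret(bits=MIN_BITS):
    """Return a base64 TSIG secret holding `bits` random bits from the OS CSPRNG."""
    if bits % 8 or not MIN_BITS <= bits <= MAX_BITS:
        raise ValueError(f"bits must be a multiple of 8 in [{MIN_BITS}..{MAX_BITS}]")
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode("ascii")


def secret_bits(secret_b64):
    """Strictly decode a base64 secret and return its length in bits."""
    try:
        raw = base64.b64decode(secret_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from None
    return len(raw) * 8


def key_clause(name, secret_b64):
    """Render a named.conf key statement; refuse odd names and short secrets."""
    # Assumed policy for this example: keep quotes and spaces out of the config.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", name):
        raise ValueError(f"unexpected character in key name: {name!r}")
    bits = secret_bits(secret_b64)
    if bits < MIN_BITS:
        raise ValueError(f"secret is only {bits} bits, want >= {MIN_BITS}")
    return (f'key "{name}" {{\n'
            f'    algorithm hmac-md5;\n'
            f'    secret "{secret_b64}";\n'
            f'}};\n')


if __name__ == "__main__":
    print(key_clause("me-friend", generate_secret()))
    # Constructed input: what the echo | mmencode example encodes (echo adds "\n").
    weak = base64.b64encode(b"This is a  passphrase\n").decode("ascii")
    print(f"passphrase-derived secret: {secret_bits(weak)} bits")
```

The passphrase route yields a secret shorter than 256 bits, so `key_clause` rejects it.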