Usage:
    dnssec-keygen -a alg -b bits -n type [options] name

Required options:
    -a algorithm: RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5
    -b key size, in bits:
        RSAMD5:   [512..4096]
        RSASHA1:  [512..4096]
        DH:       [128..4096]
        DSA:      [512..1024] and divisible by 64
        HMAC-MD5: [1..512]
    -n nametype: ZONE | HOST | ENTITY | USER
    name: owner of the key

Other options:
    -c <class> (default: IN)
    -e use large exponent (RSAMD5/RSASHA1 only)
    -g <generator> use specified generator (DH only)
    -t <type>: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF)
    -p <protocol>: default: 3 [dnssec]
    -s <strength> strength value this key signs DNS records with (default: 0)
    -r <randomdev>: a file containing random data
    -v <verbose level>

Output:
    K<name>+<alg>+<id>.key, K<name>+<alg>+<id>.private

TSIG keys are just base64-encoded strings.

There are alternative ways to generate them:

    echo "This is a passphrase" | mmencode -b

or use a little perl script...

    #!/usr/bin/perl
    # Base64-encode the command-line arguments (joined with single spaces)
    use MIME::Base64;
    print encode_base64("@ARGV");
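
A key made by base64-encoding a passphrase is only as strong as the passphrase, and echo adds a trailing newline that becomes part of the key. The sketch below is an added example, not part of the original page: it draws the key bytes from /dev/urandom instead, within the HMAC-MD5 size range listed above. The function names are hypothetical, and it assumes the coreutils base64 tool in place of mmencode.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes coreutils base64 and a readable /dev/urandom.

# Print a random TSIG secret of N bits (default 128), base64 on one line.
# The range check mirrors the HMAC-MD5 limit in the usage text: 1..512.
tsig_random_secret() {
    bits=${1:-128}
    case $bits in
        ''|0*|*[!0-9]*)
            echo "key size must be a positive integer" >&2
            return 2 ;;
    esac
    if [ "$bits" -gt 512 ]; then
        echo "HMAC-MD5 key size must be 1..512 bits" >&2
        return 2
    fi
    # Simplification: round up to whole bytes.
    bytes=$(( (bits + 7) / 8 ))
    # base64 wraps long output; strip the line breaks.
    head -c "$bytes" /dev/urandom | base64 | tr -d '\n'
    echo
}

# Encode a passphrase without the newline that echo would append.
tsig_from_passphrase() {
    printf '%s' "$1" | base64 | tr -d '\n'
    echo
}

# Print how many bytes of key material a base64 secret decodes to.
# Returns 1 if the string is not valid base64.
tsig_secret_bytes() {
    printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$1" | base64 -d | wc -c | tr -d ' '
}
```

Running tsig_secret_bytes on the value that goes into the configuration on each side confirms that both hold the same amount of key material.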