ndnssec-keygen -a RSASHA1 -b 1024 -n
zone secret-wg.org
u
uKsecret-wg.org.+005+20704
nKsecret-wg.org.+005+20704.key contains the public key.
nKsecret-wg.org.+005+20704.privateshould be kept
secret
When generating
keys it is important to have access to a pool of random numbers. Be careful
when selecting your source for random numbers.
On FreeBSD the
/dev/random generator will block once it runs out of entropy (.i.e.
sufficient randomness). Use /dev/urandom on systems where this happens.
The private key
should be kept secret; when deploying DNSSEC one should consider to separate
the signer from the nameserver itself.