1<!--
2 - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
3 - Copyright (C) 2000-2003 Internet Software Consortium.
4 -
5 - Permission to use, copy, modify, and/or distribute this software for any
6 - purpose with or without fee is hereby granted, provided that the above
7 - copyright notice and this permission notice appear in all copies.
8 -
9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 - PERFORMANCE OF THIS SOFTWARE.
16-->
17<html>
18<head>
19<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
20<title>dnssec-revoke</title>
21<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
22<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
23<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
24<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
25<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
26</head>
27<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
28<div class="navheader">
29<table width="100%" summary="Navigation header">
30<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
31<tr>
32<td width="20%" align="left">
33<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
34<th width="60%" align="center">Manual pages</th>
35<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
36</td>
37</tr>
38</table>
39<hr>
40</div>
41<div class="refentry">
42<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
43<div class="refnamediv">
44<h2>Name</h2>
45<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
46</div>
47<div class="refsynopsisdiv">
48<h2>Synopsis</h2>
49<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
50</div>
51<div class="refsection">
52<a name="id-1.14.10.6"></a><h2>DESCRIPTION</h2>
53<p><span class="command"><strong>dnssec-revoke</strong></span>
54      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
55      in RFC 5011, and creates a new pair of key files containing the
56      now-revoked key.
57    </p>
58</div>
59<div class="refsection">
60<a name="id-1.14.10.7"></a><h2>OPTIONS</h2>
61<div class="variablelist"><dl class="variablelist">
62<dt><span class="term">-h</span></dt>
63<dd><p>
64	    Emit usage message and exit.
65	  </p></dd>
66<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
67<dd><p>
68            Sets the directory in which the key files are to reside.
69          </p></dd>
70<dt><span class="term">-r</span></dt>
71<dd><p>
72	    After writing the new keyset files remove the original keyset
73	    files.
74	  </p></dd>
75<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
76<dd><p>
77            Sets the debugging level.
78          </p></dd>
79<dt><span class="term">-V</span></dt>
80<dd><p>
81	    Prints version information.
82	  </p></dd>
83<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
84<dd><p>
85            Use the given OpenSSL engine. When compiled with PKCS#11 support
86            it defaults to pkcs11; the empty name resets it to no engine.
87          </p></dd>
88<dt><span class="term">-f</span></dt>
89<dd><p>
90            Force overwrite: Causes <span class="command"><strong>dnssec-revoke</strong></span> to
91            write the new key pair even if a file already exists matching
92            the algorithm and key ID of the revoked key.
93          </p></dd>
94<dt><span class="term">-R</span></dt>
95<dd><p>
96	    Print the key tag of the key with the REVOKE bit set but do
97	    not revoke the key.
98          </p></dd>
99</dl></div>
100</div>
101<div class="refsection">
102<a name="id-1.14.10.8"></a><h2>SEE ALSO</h2>
103<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
104      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
105      <em class="citetitle">RFC 5011</em>.
106    </p>
107</div>
108</div>
109<div class="navfooter">
110<hr>
111<table width="100%" summary="Navigation footer">
112<tr>
113<td width="40%" align="left">
114<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
115<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
116<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
117</td>
118</tr>
119<tr>
120<td width="40%" align="left" valign="top">
121<span class="application">dnssec-keygen</span>�</td>
122<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
123<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>
124</td>
125</tr>
126</table>
127</div>
128<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
129</body>
130</html>
131