From 17ce26855d274ae393fd226bf7f2711075b0ef77 Mon Sep 17 00:00:00 2001 From: Jan Vcelak <jan.vcelak@nic.cz> Date: Thu, 13 Aug 2015 16:53:14 +0200 Subject: [PATCH] man: knotc, keymgr: reflect new format of generated TSIG key --- doc/man/keymgr.8in | 7 ++++++- doc/man/knotc.8in | 18 +++++++++++++++++- doc/man_keymgr.rst | 9 +++++++-- doc/man_knotc.rst | 10 +++++++++- 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/doc/man/keymgr.8in b/doc/man/keymgr.8in index e3e9c07a6c..862264ae84 100644 --- a/doc/man/keymgr.8in +++ b/doc/man/keymgr.8in @@ -234,9 +234,14 @@ List private keys in the key store. .INDENT 0.0 .TP \fBtsig\fP \fBgenerate\fP \fIname\fP [\fBalgorithm\fP \fIid\fP] [\fBsize\fP \fIbits\fP] -Generate new TSIG key and print it on the standard output. The HMAC algorithm +Generate new TSIG key and print it on the standard output. The algorithm defaults to \fIhmac\-sha256\fP\&. The default key size is determined optimally based on the selected algorithm. +.sp +The generated key is printed out in the server configuration format to allow +direct inclusion into the server configuration. The first line of the output +contains a comment with the key in the one\-line key format accepted by client +utilities. .UNINDENT .SH EXAMPLES .INDENT 0.0 diff --git a/doc/man/knotc.8in b/doc/man/knotc.8in index 84cf5c0bf7..c2980e38d8 100644 --- a/doc/man/knotc.8in +++ b/doc/man/knotc.8in @@ -119,7 +119,23 @@ Export the configuration database to a file. .sp .nf .ft C -$ keymgr tsig generate knotc\-key > knotc.key +$ keymgr tsig generate knotc\-key > knotc\-key.conf +.ft P +.fi +.UNINDENT +.UNINDENT +.sp +The generated key file contains a key in the server configuration format and +thus can be directly included into the server configuration file. +.sp +Knot DNS utilities accept one\-line format which is included in the generated +key file on the first line as a comment. It can be extracted easily: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +$ head \-1 knotc\-key.conf | sed \(aqs/^#\es*//\(aq > knotc.key .ft P .fi .UNINDENT diff --git a/doc/man_keymgr.rst b/doc/man_keymgr.rst index 8f5ef1e4ba..53f621dddd 100644 --- a/doc/man_keymgr.rst +++ b/doc/man_keymgr.rst @@ -30,7 +30,7 @@ available subcommands in that area. The listing of available command arguments is not supported yet. Command and argument names are parsed in a smart way. Only a beginning -of a name can be entered and it will be recognized. The specified part of +of a name can be entered and it will be recognized. The specified part of a name must be unique amongst the other names. Global options @@ -199,10 +199,15 @@ tsig commands ............. **tsig** **generate** *name* [**algorithm** *id*] [**size** *bits*] - Generate new TSIG key and print it on the standard output. The HMAC algorithm + Generate new TSIG key and print it on the standard output. The algorithm defaults to *hmac-sha256*. The default key size is determined optimally based on the selected algorithm. + The generated key is printed out in the server configuration format to allow + direct inclusion into the server configuration. The first line of the output + contains a comment with the key in the one-line key format accepted by client + utilities. + Examples -------- diff --git a/doc/man_knotc.rst b/doc/man_knotc.rst index 4e5d1b144f..27b66c0e2c 100644 --- a/doc/man_knotc.rst +++ b/doc/man_knotc.rst @@ -97,7 +97,15 @@ Setup a key file for remote control :: - $ keymgr tsig generate knotc-key > knotc.key + $ keymgr tsig generate knotc-key > knotc-key.conf + +The generated key file contains a key in the server configuration format and +thus can be directly included into the server configuration file. + +Knot DNS utilities accept one-line format which is included in the generated +key file on the first line as a comment. It can be extracted easily:: + + $ head -1 knotc-key.conf | sed 's/^#\s*//' > knotc.key Make sure the key file can be read only by the owner for security reasons. -- GitLab