Commit 17ce2685 authored by Jan Včelák's avatar Jan Včelák 🚀
Browse files

man: knotc, keymgr: reflect new format of generated TSIG key

parent 5e7f438b
......@@ -234,9 +234,14 @@ List private keys in the key store.
.INDENT 0.0
.TP
\fBtsig\fP \fBgenerate\fP \fIname\fP [\fBalgorithm\fP \fIid\fP] [\fBsize\fP \fIbits\fP]
Generate new TSIG key and print it on the standard output. The HMAC algorithm
Generate new TSIG key and print it on the standard output. The algorithm
defaults to \fIhmac\-sha256\fP\&. The default key size is determined optimally based
on the selected algorithm.
.sp
The generated key is printed out in the server configuration format to allow
direct inclusion into the server configuration. The first line of the output
contains a comment with the key in the one\-line key format accepted by client
utilities.
.UNINDENT
.SH EXAMPLES
.INDENT 0.0
......
......@@ -119,7 +119,23 @@ Export the configuration database to a file.
.sp
.nf
.ft C
$ keymgr tsig generate knotc\-key > knotc.key
$ keymgr tsig generate knotc\-key > knotc\-key.conf
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
The generated key file contains a key in the server configuration format and
thus can be directly included into the server configuration file.
.sp
Knot DNS utilities accept one\-line format which is included in the generated
key file on the first line as a comment. It can be extracted easily:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ head \-1 knotc\-key.conf | sed \(aqs/^#\es*//\(aq > knotc.key
.ft P
.fi
.UNINDENT
......
......@@ -30,7 +30,7 @@ available subcommands in that area. The listing of available command arguments
is not supported yet.
Command and argument names are parsed in a smart way. Only a beginning
of a name can be entered and it will be recognized. The specified part of
of a name can be entered and it will be recognized. The specified part of
a name must be unique amongst the other names.
Global options
......@@ -199,10 +199,15 @@ tsig commands
.............
**tsig** **generate** *name* [**algorithm** *id*] [**size** *bits*]
Generate new TSIG key and print it on the standard output. The HMAC algorithm
Generate new TSIG key and print it on the standard output. The algorithm
defaults to *hmac-sha256*. The default key size is determined optimally based
on the selected algorithm.
The generated key is printed out in the server configuration format to allow
direct inclusion into the server configuration. The first line of the output
contains a comment with the key in the one-line key format accepted by client
utilities.
Examples
--------
......
......@@ -97,7 +97,15 @@ Setup a key file for remote control
::
$ keymgr tsig generate knotc-key > knotc.key
$ keymgr tsig generate knotc-key > knotc-key.conf
The generated key file contains a key in the server configuration format and
thus can be directly included into the server configuration file.
Knot DNS utilities accept one-line format which is included in the generated
key file on the first line as a comment. It can be extracted easily::
$ head -1 knotc-key.conf | sed 's/^#\s*//' > knotc.key
Make sure the key file can be read only by the owner for security reasons.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment