Commit 8ce1b610 authored by Jan Včelák's avatar Jan Včelák 🚀
Browse files

keymgr, document 'tsig generate' command

parent 3c1cb14f
......@@ -37,10 +37,15 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
\fBkeymgr\fP [\fIglobal\-options\fP] [\fIcommand\fP\&...] \fBhelp\fP
.SH DESCRIPTION
.sp
The \fBkeymgr\fP utility serves for DNSSEC keys and KASP (Key And
Signature Policy) management in Knot DNS server. The configuration is stored
in a so called KASP database. The database is simply a directory in the
file\-system containing files in the JSON format.
The \fBkeymgr\fP utility serves for key management in Knot DNS server.
.sp
Primarily functions for DNSSEC keys and KASP (Key And Signature Policy)
management are provided. However the utility also provides functions for
TSIG key generation.
.sp
The DNSSEC and KASP configuration is stored in a so called KASP database.
The database is simply a directory in the file\-system containing files in the
JSON format.
.sp
The operations are organized into commands and subcommands. A command
specifies the operation to be performed with the KASP database. It is usually
......@@ -75,6 +80,9 @@ way how a zone is signed.
\fBkeystore\fP ...
Operations with private key store content. The private key store holds
private key material separately from zone metadata.
.TP
\fBtsig\fP ...
Operations with TSIG keys.
.UNINDENT
.SS zone commands
.INDENT 0.0
......@@ -222,6 +230,14 @@ file\-based key store is supported. This command is subject to change.
\fBkeystore\fP \fBlist\fP
List private keys in the key store.
.UNINDENT
.SS tsig commands
.INDENT 0.0
.TP
\fBtsig\fP \fBgenerate\fP \fIname\fP [\fBhmac\fP \fIalgorithm\fP] [\fBsize\fP \fIbits\fP]
Generate new TSIG key and print it on the standard output. The HMAC algorithm
defaults to \fIsha256\fP\&. The default key size is determined optimally based
on the selected algorithm.
.UNINDENT
.SH EXAMPLES
.INDENT 0.0
.IP 1. 3
......@@ -325,6 +341,18 @@ $ keymgr zone key generate example.com algorithm rsasha256 size 1024
.fi
.UNINDENT
.UNINDENT
.IP 8. 3
Generate a TSIG key named \fIoperator.key\fP:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
$ keymgr tsig generate operator.key hmac sha512
.ft P
.fi
.UNINDENT
.UNINDENT
.UNINDENT
.SH SEE ALSO
.sp
......
.. highlight:: console
keymgr – DNSSEC key management utility
======================================
keymgr – Key management utility
===============================
Synopsis
--------
......@@ -13,10 +13,15 @@ Synopsis
Description
-----------
The :program:`keymgr` utility serves for DNSSEC keys and KASP (Key And
Signature Policy) management in Knot DNS server. The configuration is stored
in a so called KASP database. The database is simply a directory in the
file-system containing files in the JSON format.
The :program:`keymgr` utility serves for key management in Knot DNS server.
Primarily functions for DNSSEC keys and KASP (Key And Signature Policy)
management are provided. However the utility also provides functions for
TSIG key generation.
The DNSSEC and KASP configuration is stored in a so called KASP database.
The database is simply a directory in the file-system containing files in the
JSON format.
The operations are organized into commands and subcommands. A command
specifies the operation to be performed with the KASP database. It is usually
......@@ -53,6 +58,9 @@ Main commands
Operations with private key store content. The private key store holds
private key material separately from zone metadata.
**tsig** ...
Operations with TSIG keys.
zone commands
.............
......@@ -187,6 +195,14 @@ file-based key store is supported. This command is subject to change.
**keystore** **list**
List private keys in the key store.
tsig commands
.............
**tsig** **generate** *name* [**hmac** *algorithm*] [**size** *bits*]
Generate new TSIG key and print it on the standard output. The HMAC algorithm
defaults to *sha256*. The default key size is determined optimally based
on the selected algorithm.
Examples
--------
......@@ -235,6 +251,10 @@ Examples
$ keymgr zone key generate example.com algorithm rsasha256 size 2048 ksk
$ keymgr zone key generate example.com algorithm rsasha256 size 1024
8. Generate a TSIG key named *operator.key*::
$ keymgr tsig generate operator.key hmac sha512
See Also
--------
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment