4.15. dnssec-revoke - DNSKEY revoker

4.15.1. Synopsis

dnssec-revoke [-h] [-v <level>] [-V] [-r] [-K <directory>] [-E <engine-name>] [-f] [-R] <keyfile>

4.15.2. Description

dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now-revoked key.

4.15.3. Options

-K <directory>

Sets the directory in which the key files are to reside.

-r

After writing the new keyset files, remove the original keyset files.

-E <engine-name>

Specifies the OpenSSL engine to use for cryptographic operations, such as a secure key store used for signing.

-f

Force overwrite. Causes dnssec-revoke to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.

-R

Print the key tag the key would have with the REVOKE bit set, but do not revoke the key.

-h

Print program usage information and exit.

-v <level>

Set the verbosity level.

-V

Print the program's version and exit.
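
Because the flags field is part of the DNSKEY RDATA, setting the REVOKED bit changes the key tag (key ID), which is why the revoked key is written to a new pair of files and why -R can report a tag that differs from the original. The following is an added example, not part of the BIND documentation or source: it computes the RFC 4034 Appendix B key tag of a DNSKEY record before and after the RFC 5011 REVOKE flag (0x0080) is set. The record in SAMPLE is constructed for illustration and is not a real key; the function names are hypothetical.

```python
import base64
import struct

REVOKE = 0x0080  # RFC 5011 REVOKE flag in the 16-bit DNSKEY flags field

# Constructed sample record (not a real key): KSK flags 257, protocol 3,
# algorithm 13, and 64 placeholder bytes standing in for the public key.
SAMPLE = "example. 3600 IN DNSKEY 257 3 13 " + base64.b64encode(bytes(range(64))).decode()


def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA, as in RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF  # fold the carry back in
    return acc & 0xFFFF


def parse_dnskey(line: str) -> bytes:
    """Parse '<owner> [ttl] [class] DNSKEY <flags> <proto> <alg> <base64>' into RDATA."""
    fields = line.split(";", 1)[0].split()  # drop any trailing comment
    try:
        start = [f.upper() for f in fields].index("DNSKEY") + 1
        flags, proto, alg = (int(f) for f in fields[start:start + 3])
        key = base64.b64decode("".join(fields[start + 3:]), validate=True)
        header = struct.pack("!HBB", flags, proto, alg)
    except (ValueError, struct.error) as exc:
        raise ValueError("not a well-formed DNSKEY record") from exc
    if not key:
        raise ValueError("DNSKEY record has no public key data")
    return header + key


def revoke(rdata: bytes) -> bytes:
    """Return the same RDATA with the REVOKE flag set; the key material is unchanged."""
    flags = struct.unpack("!H", rdata[:2])[0] | REVOKE
    return struct.pack("!H", flags) + rdata[2:]


def tag_change(line: str) -> tuple:
    """Return (key tag as published, key tag once REVOKE is set)."""
    rdata = parse_dnskey(line)
    return key_tag(rdata), key_tag(revoke(rdata))


if __name__ == "__main__":
    old, new = tag_change(SAMPLE)
    print(f"key tag {old} -> {new} once REVOKE is set")
```

The new tag is usually the old tag plus 128, but the carry fold in the checksum can shift it by one more, so compute the tag rather than adding 128 when matching a revoked key to its original.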

4.15.4. See also

dnssec-keygen(1)