1 files changed, 172 insertions, 171 deletions
diff --git a/contrib/bind9/bin/dnssec/dnssec-keygen.docbook b/contrib/bind9/bin/dnssec/dnssec-keygen.docbook
index e1eee22..cc5f1e7 100644
--- a/contrib/bind9/bin/dnssec/dnssec-keygen.docbook
+++ b/contrib/bind9/bin/dnssec/dnssec-keygen.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
-               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -18,9 +18,8 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-keygen.docbook,v 1.3.12.9 2005/08/30 01:41:41 marka Exp $ -->
-
-<refentry>
+<!-- $Id: dnssec-keygen.docbook,v 1.7.18.9 2007/01/29 23:57:20 marka Exp $ -->
+<refentry id="man.dnssec-keygen">
   <refentryinfo>
     <date>June 30, 2000</date>
   </refentryinfo>
@@ -31,10 +30,16 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <refnamediv>
+    <refname><application>dnssec-keygen</application></refname>
+    <refpurpose>DNSSEC key generation tool</refpurpose>
+  </refnamediv>
+
   <docinfo>
     <copyright>
       <year>2004</year>
       <year>2005</year>
+      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -46,11 +51,6 @@
     </copyright>
   </docinfo>
 
-  <refnamediv>
-    <refname><application>dnssec-keygen</application></refname>
-    <refpurpose>DNSSEC key generation tool</refpurpose>
-  </refnamediv>
-
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>dnssec-keygen</command>
@@ -74,11 +74,10 @@
 
   <refsect1>
     <title>DESCRIPTION</title>
-    <para>
-        <command>dnssec-keygen</command> generates keys for DNSSEC
-	(Secure DNS), as defined in RFC 2535 and RFC &lt;TBA\&gt;.  It can also generate
-	keys for use with TSIG (Transaction Signatures), as
-	defined in RFC 2845.
+    <para><command>dnssec-keygen</command>
+      generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
+      and RFC &lt;TBA\&gt;.  It can also generate keys for use with
+      TSIG (Transaction Signatures), as defined in RFC 2845.
     </para>
   </refsect1>
 
@@ -88,168 +87,173 @@
     <variablelist>
       <varlistentry>
         <term>-a <replaceable class="parameter">algorithm</replaceable></term>
-	<listitem>
-	  <para>
-	      Selects the cryptographic algorithm.  The value of
-	      <option>algorithm</option> must be one of RSAMD5 (RSA) or RSASHA1,
-	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
-	      are case insensitive.
-	  </para>
-	  <para>
-	      Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm,
-	      and DSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
-	  </para>
-	  <para>
-	      Note 2: HMAC-MD5 and DH automatically set the -k flag.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Selects the cryptographic algorithm.  The value of
+            <option>algorithm</option> must be one of RSAMD5 (RSA) or RSASHA1,
+            	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
+            are case insensitive.
+          </para>
+          <para>
+            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
+            algorithm,
+            and DSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
+          </para>
+          <para>
+            Note 2: HMAC-MD5 and DH automatically set the -k flag.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-b <replaceable class="parameter">keysize</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the number of bits in the key.  The choice of key
-	       size depends on the algorithm used.  RSAMD5 / RSASHA1 keys must be between
-	       512 and 2048 bits.  Diffie Hellman keys must be between
-	       128 and 4096 bits.  DSA keys must be between 512 and 1024
-	       bits and an exact multiple of 64.  HMAC-MD5 keys must be
-	       between 1 and 512 bits.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Specifies the number of bits in the key.  The choice of key
+            size depends on the algorithm used.  RSAMD5 / RSASHA1 keys must be
+            between
+            512 and 2048 bits.  Diffie Hellman keys must be between
+            128 and 4096 bits.  DSA keys must be between 512 and 1024
+            bits and an exact multiple of 64.  HMAC-MD5 keys must be
+            between 1 and 512 bits.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-n <replaceable class="parameter">nametype</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the owner type of the key.  The value of
-	       <option>nametype</option> must either be ZONE (for a DNSSEC
-	       zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)),
-	       USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).  These values are
-	       case insensitive.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Specifies the owner type of the key.  The value of
+            <option>nametype</option> must either be ZONE (for a DNSSEC
+            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
+            a host (KEY)),
+            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
+            These values are
+            case insensitive.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-c <replaceable class="parameter">class</replaceable></term>
-	<listitem>
-	  <para>
-	       Indicates that the DNS record containing the key should have
-	       the specified class.  If not specified, class IN is used.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Indicates that the DNS record containing the key should have
+            the specified class.  If not specified, class IN is used.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-e</term>
-	<listitem>
-	  <para>
-	       If generating an RSAMD5/RSASHA1 key, use a large exponent.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            If generating an RSAMD5/RSASHA1 key, use a large exponent.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-f <replaceable class="parameter">flag</replaceable></term>
-	<listitem>
-	  <para>
-		Set the specified flag in the flag field of the KEY/DNSKEY record.
-		The only recognized flag is KSK (Key Signing Key) DNSKEY.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Set the specified flag in the flag field of the KEY/DNSKEY record.
+            		The only recognized flag is KSK (Key Signing Key) DNSKEY.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-g <replaceable class="parameter">generator</replaceable></term>
-	<listitem>
-	  <para>
-	       If generating a Diffie Hellman key, use this generator.
-	       Allowed values are 2 and 5.  If no generator
-	       is specified, a known prime from RFC 2539 will be used
-	       if possible; otherwise the default is 2.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            If generating a Diffie Hellman key, use this generator.
+            Allowed values are 2 and 5.  If no generator
+            is specified, a known prime from RFC 2539 will be used
+            if possible; otherwise the default is 2.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-h</term>
-	<listitem>
-	  <para>
-	       Prints a short summary of the options and arguments to
-	       <command>dnssec-keygen</command>.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Prints a short summary of the options and arguments to
+            <command>dnssec-keygen</command>.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-k</term>
-	<listitem>
-	  <para>
-	       Generate KEY records rather than DNSKEY records.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Generate KEY records rather than DNSKEY records.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-p <replaceable class="parameter">protocol</replaceable></term>
-	<listitem>
-	  <para>
-	       Sets the protocol value for the generated key.  The protocol
-	       is a number between 0 and 255.  The default is 3 (DNSSEC).
-	       Other possible values for this argument are listed in
-	       RFC 2535 and its successors.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Sets the protocol value for the generated key.  The protocol
+            is a number between 0 and 255.  The default is 3 (DNSSEC).
+            Other possible values for this argument are listed in
+            RFC 2535 and its successors.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-r <replaceable class="parameter">randomdev</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the source of randomness.  If the operating
-	       system does not provide a <filename>/dev/random</filename>
-	       or equivalent device, the default source of randomness
-	       is keyboard input.  <filename>randomdev</filename> specifies
-	       the name of a character device or file containing random
-	       data to be used instead of the default.  The special value
-	       <filename>keyboard</filename> indicates that keyboard
-	       input should be used.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Specifies the source of randomness.  If the operating
+            system does not provide a <filename>/dev/random</filename>
+            or equivalent device, the default source of randomness
+            is keyboard input.  <filename>randomdev</filename>
+            specifies
+            the name of a character device or file containing random
+            data to be used instead of the default.  The special value
+            <filename>keyboard</filename> indicates that keyboard
+            input should be used.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-s <replaceable class="parameter">strength</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the strength value of the key.  The strength is
-	       a number between 0 and 15, and currently has no defined
-	       purpose in DNSSEC.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Specifies the strength value of the key.  The strength is
+            a number between 0 and 15, and currently has no defined
+            purpose in DNSSEC.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-t <replaceable class="parameter">type</replaceable></term>
-	<listitem>
-	  <para>
-	       Indicates the use of the key.  <option>type</option> must be
-	       one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-	       is AUTHCONF.  AUTH refers to the ability to authenticate
-	       data, and CONF the ability to encrypt data.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Indicates the use of the key.  <option>type</option> must be
+            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
+            is AUTHCONF.  AUTH refers to the ability to authenticate
+            data, and CONF the ability to encrypt data.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-v <replaceable class="parameter">level</replaceable></term>
-	<listitem>
-	  <para>
-	       Sets the debugging level.
-	  </para>
-	</listitem>
+        <listitem>
+          <para>
+            Sets the debugging level.
+          </para>
+        </listitem>
       </varlistentry>
 
     </variablelist>
@@ -258,82 +262,82 @@
   <refsect1>
     <title>GENERATED KEYS</title>
     <para>
-        When <command>dnssec-keygen</command> completes successfully,
-	it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
-	to the standard output.  This is an identification string for
-	the key it has generated.
+      When <command>dnssec-keygen</command> completes
+      successfully,
+      it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
+      to the standard output.  This is an identification string for
+      the key it has generated.
     </para>
     <itemizedlist>
       <listitem>
-        <para>
-          <filename>nnnn</filename> is the key name.
+        <para><filename>nnnn</filename> is the key name.
         </para>
       </listitem>
       <listitem>
-        <para>
-          <filename>aaa</filename> is the numeric representation of the
+        <para><filename>aaa</filename> is the numeric representation
+          of the
           algorithm.
         </para>
       </listitem>
       <listitem>
-        <para>
-          <filename>iiiii</filename> is the key identifier (or footprint).
+        <para><filename>iiiii</filename> is the key identifier (or
+          footprint).
         </para>
       </listitem>
     </itemizedlist>
-    <para>
-        <command>dnssec-keygen</command> creates two file, with names based
-	on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
-	contains the public key, and
-	<filename>Knnnn.+aaa+iiiii.private</filename> contains the private
-	key.
+    <para><command>dnssec-keygen</command> 
+      creates two file, with names based
+      on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
+      contains the public key, and
+      <filename>Knnnn.+aaa+iiiii.private</filename> contains the
+      private
+      key.
     </para>
     <para>
-        The <filename>.key</filename> file contains a DNS KEY record that
-	can be inserted into a zone file (directly or with a $INCLUDE
-	statement).
+      The <filename>.key</filename> file contains a DNS KEY record
+      that
+      can be inserted into a zone file (directly or with a $INCLUDE
+      statement).
     </para>
     <para>
-        The <filename>.private</filename> file contains algorithm specific
-	fields.  For obvious security reasons, this file does not have
-	general read permission.
+      The <filename>.private</filename> file contains algorithm
+      specific
+      fields.  For obvious security reasons, this file does not have
+      general read permission.
     </para>
     <para>
-        Both <filename>.key</filename> and <filename>.private</filename>
-	files are generated for symmetric encryption algorithm such as
-	HMAC-MD5, even though the public and private key are equivalent.
+      Both <filename>.key</filename> and <filename>.private</filename>
+      files are generated for symmetric encryption algorithm such as
+      HMAC-MD5, even though the public and private key are equivalent.
     </para>
   </refsect1>
 
   <refsect1>
     <title>EXAMPLE</title>
     <para>
-        To generate a 768-bit DSA key for the domain
-	<userinput>example.com</userinput>, the following command would be
-	issued:
+      To generate a 768-bit DSA key for the domain
+      <userinput>example.com</userinput>, the following command would be
+      issued:
     </para>
-    <para>
-        <userinput>dnssec-keygen -a DSA -b 768 -n ZONE example.com</userinput>
+    <para><userinput>dnssec-keygen -a DSA -b 768 -n ZONE example.com</userinput>
     </para>
     <para>
-        The command would print a string of the form:
+      The command would print a string of the form:
     </para>
-    <para>
-        <userinput>Kexample.com.+003+26160</userinput>
+    <para><userinput>Kexample.com.+003+26160</userinput>
     </para>
     <para>
-        In this example, <command>dnssec-keygen</command> creates
-	the files <filename>Kexample.com.+003+26160.key</filename> and
-	<filename>Kexample.com.+003+26160.private</filename>
+      In this example, <command>dnssec-keygen</command> creates
+      the files <filename>Kexample.com.+003+26160.key</filename>
+      and
+      <filename>Kexample.com.+003+26160.private</filename>
     </para>
   </refsect1>
 
   <refsect1>
     <title>SEE ALSO</title>
-    <para>
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle>
-	<manvolnum>8</manvolnum>
+    <para><citerefentry>
+        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
       <citetitle>RFC 2535</citetitle>,
@@ -344,14 +348,11 @@
 
   <refsect1>
     <title>AUTHOR</title>
-    <para>
-        <corpauthor>Internet Systems Consortium</corpauthor>
+    <para><corpauthor>Internet Systems Consortium</corpauthor>
     </para>
   </refsect1>
 
-</refentry>
-
-<!--
+</refentry><!--
  - Local variables:
  - mode: sgml
  - End: