4.15. dnssec-revoke --- DNSKEY revoker

4.15.1. Synopsis

dnssec-revoke [-v level] [-r] [-K directory] [-E <password>] [-f] [-R] <keyfile>

dnssec-revoke [ -h | -V ]

4.15.2. Description

dnssec-revoke reads a DNSSEC key file, sets the REVOKE bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now-revoked key.

4.15.3. Options

-K <directory>

Sets the directory in which the key files are to reside.

-r

After writing the new keyset files remove the original keyset files.

-E <password>

Specify the password for the private key. If the password is incorrect and does not decrypt a private key, the password is prompted for.

-f

Force overwrite. Causes dnssec-revoke to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.

-R

Print the key tag of the key with the REVOKE bit set but do not revoke the key.

-h

Print program usage information and exit.

-v <level>

Set the verbosity level.

-V

Print program version and exit.

4.15.4. See also

dnssec-keygen(1)