--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/Solaris/dnssec-keyfromlabel.8 Mon Oct 19 15:36:51 2015 -0700
@@ -0,0 +1,194 @@
+'\" te
+.\" Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\" Portions Copyright (c) 2010, Sun Microsystems, Inc. All Rights Reserved.
+.TH dnssec-keyfromlabel 8 "19 Oct 2015" "SunOS 5.12" "System Administration Commands"
+.SH NAME
+dnssec-keyfromlabel \- DNSSEC key generation tool
+.SH SYNOPSIS
+.LP
+.nf
+\fBdnssec-keyfromlabel\fR \fB-a\fR \fIalgorithm\fR \fB-l\fR \fIlabel\fR [\fB-c\fR \fIclass\fR] [\fB-f\fR \fIflag\fR] [\fB-k\fR]
+ [\fB-n\fR \fInametype\fR] [\fB-p\fR \fIprotocol\fR] [\fB-t\fR \fItype\fR] [\fB-v\fR \fIlevel\fR] \fIname\fR
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+\fBdnssec-keyfromlabel\fR retrieves keys with a specified label from a crypto hardware device and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034.
+.SH OPTIONS
+.sp
+.LP
+The following options are supported:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-a\fR \fIalgorithm\fR\fR
+.ad
+.sp .6
+.RS 4n
+Selects the cryptographic algorithm. The value of \fIalgorithm\fR must be one of \fBRSAMD5\fR (RSA) or \fBRSASHA1\fR, \fBDSA\fR, \fBNSEC3RSASHA1\fR, \fBNSEC3DSA\fR, or \fBDH\fR (Diffie-Hellman). These values are case-insensitive.
+.sp
+Note that for \fBDNSSEC\fR, \fBRSASHA1\fR is a mandatory-to-implement algorithm, and DSA is recommended. Note also that \fBDH\fR automatically sets the \fB-k\fR flag.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-l\fR \fIlabel\fR\fR
+.ad
+.sp .6
+.RS 4n
+Specifies the label of keys in the crypto hardware (PKCS#11) device.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-n\fR \fInametype\fR\fR
+.ad
+.sp .6
+.RS 4n
+Specifies the owner type of the key. The value of \fInametype\fR must either be \fBZONE\fR (for a \fBDNSSEC\fR zone key (\fBKEY\fR/\fBDNSKEY\fR)), \fBHOST\fR or \fBENTITY\fR (for a key associated with a host (\fBKEY\fR)), \fBUSER\fR (for a key associated with a user (\fBKEY\fR)), or \fBOTHER\fR (\fBDNSKEY\fR). These values are case-insensitive.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-c\fR \fIclass\fR\fR
+.ad
+.sp .6
+.RS 4n
+Indicates that the DNS record containing the key should have the specified class. If not specified, class \fBIN\fR is used.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-f\fR \fIflag\fR\fR
+.ad
+.sp .6
+.RS 4n
+Set the specified flag in the flag field of the \fBKEY\fR/\fBDNSKEY\fR record. The only recognized flag is \fBKSK\fR (Key Signing Key) \fBDNSKEY\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-h\fR\fR
+.ad
+.sp .6
+.RS 4n
+Displays a short summary of the options and arguments to \fBdnssec-keyfromlabel\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-k\fR \fI\fR\fR
+.ad
+.sp .6
+.RS 4n
+Generate \fBKEY\fR records rather than \fBDNSKEY\fR records.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-p\fR \fIprotocol\fR\fR
+.ad
+.sp .6
+.RS 4n
+Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is \fB3\fR (\fBDNSSEC\fR). Other possible values for this argument are listed in RFC 2535 and its successors.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-t\fR \fItype\fR\fR
+.ad
+.sp .6
+.RS 4n
+Indicates the use of the key. \fItype\fR must be one of \fBAUTHCONF\fR, \fBNOAUTHCONF\fR, \fBNOAUTH\fR, or \fBNOCONF\fR. The default is \fBAUTHCONF\fR. \fBAUTH\fR refers to the ability to authenticate data, and \fBCONF\fR the ability to encrypt data.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-v\fR \fIlevel\fR\fR
+.ad
+.sp .6
+.RS 4n
+Sets the debugging level.
+.RE
+
+.SH GENERATED KEY FILES
+.sp
+.LP
+When \fBdnssec-keyfromlabel\fR completes successfully, it displays a string of the form \fBK\fInnnn\fR.+\fIaaa\fR+\fIiiiii\fR\fR to the standard output. This is an identification string for the key files it has generated, which translates as follows.
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fInnnn\fR is the key name.
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fIaaa\fR is the numeric representation of the algorithm.
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fIiiiii\fR is the key identifier (or footprint).
+.RE
+.sp
+.LP
+\fBdnssec-keyfromlabel\fR creates two files, with names based on the displayed string. \fBK\fInnnn\fR.+\fIaaa\fR+\fIiiiii\fR.key\fR contains the public key, and \fBK\fInnnn\fR.+\fIaaa\fR+\fIiiiii\fR.private\fR contains the private key.
+.sp
+.LP
+The first file contains a \fBDNS\fR \fBKEY\fR record that can be inserted into a zone file (directly or with an \fB$INCLUDE\fR statement).
+.sp
+.LP
+The second file contains algorithm-specific fields. For obvious security reasons, this file does not have general read permission.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab(�) box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPE�ATTRIBUTE VALUE
+_
+Availability�service/network/dns/bind
+_
+Interface Stability�Volatile
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBdnssec-keygen\fR(8), \fBdnssec-signzone\fR(8), \fBattributes\fR(5)
+.sp
+.LP
+\fIRFC 2539\fR, \fIRFC 2845\fR, \fIRFC 4033\fR
+.sp
+.LP
+See the BIND 9 \fIAdministrator's Reference Manual\fR. As of the date of publication of this man page, this document is available at https://www.isc.org/software/bind/documentation\&.