Open System Services Shell and Utilities Reference Manual (G06.28+, H06.05+)

dnssec-keygen(8) OSS Shell and Utilities Reference Manual
-n nametype Specifies the owner type of the key. The value of nametype must be one of:
ZONE Specifies a DNSSEC zone key (KEY/DNSKEY).
HOST Specifies a key associated with a host (KEY).
ENTITY Specifies a key associated with a host (KEY).
USER Specifies a key associated with a user (KEY).
OTHER Specifies a DNSKEY.
These values are case-insensitive.
-c class Indicates that the DNS record containing the key should have the specified class.
If this flag is not specified, class IN is used.
-e If generating an RSAMD5/RSASHA1 key, use a large exponent.
-f flag Set the specified flag in the flag field of the KEY/DNSKEY record. The only
recognized flag is KSK (Key Signing Key) DNSKEY.
-g generator If generating a Diffie-Hellman key, use this generator. Allowed values are 2 and
5.
If no generator is specified, a known prime from RFC 2539 is used if possible;
otherwise, the default is 2.
-h Prints a short help summary of the flags and values to dnssec-keygen.
-k Generates KEY records rather than DNSKEY records.
-p protocol Sets the protocol value for the generated key. The protocol is a number between
0 and 255. The default is 3 (DNSSEC). Other possible values for this argument
are listed in RFC 2535 and its successors.
-r randomdev Specifies the source of randomness. If the operating system does not provide a
/dev/random or equivalent device, the default source of randomness is keyboard
input. (The OSS environment does not have a /dev/random device.)
randomdev specifies the name of a character device or file containing random
data to be used instead of the default. The special value keyboard indicates that
keyboard input should be used.
-s strength Specifies the strength value of the key. The strength is a number between 0 and
15, and currently has no defined purpose in DNSSEC.
-t type Indicates the use of the key. type must be one of:
AUTHCONF Use for data authentication and data encryption. This is the
default.
NOAUTHCONF
Do not use for data authentication or data encryption.
NOAUTH Do not use for data authentication.
1214 Hewlett-Packard Company 527188-007
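The -n, -t, -f, -s and -p values described above end up in the flags and protocol fields of the generated KEY or DNSKEY record. The following is an added example, not part of the manual, that decodes those fields from a record in presentation format so generated keys can be audited. The function name audit_key_record, the sample records, and the mapping of bits to option names (taken from the RFC 2535 and RFC 4034 field layouts) are assumptions.

```python
# Added example, not from the manual. Bit values follow RFC 2535 (KEY) and
# RFC 4034 (DNSKEY); the option names reported are an assumed mapping to the
# -n, -t, -f, -s and -p values described above.
NOAUTH, NOCONF = 0x8000, 0x4000      # RFC 2535 A/C bits (KEY records only)
ZONE, OWNER_MASK = 0x0100, 0x0300    # owner (name type) field
OWNERS = {0x0000: "USER", 0x0100: "ZONE", 0x0200: "ENTITY", 0x0300: "RESERVED"}
SEP = 0x0001                         # RFC 4034 Secure Entry Point, set for a KSK
STRENGTH_MASK = 0x000F               # RFC 2535 signatory field (KEY only)
TYPES = {0: "AUTHCONF", NOAUTH: "NOAUTH", NOCONF: "NOCONF",
         NOAUTH | NOCONF: "NOAUTHCONF"}

# Constructed sample records; "AQID" is placeholder key data, not a real key.
SAMPLES = [
    "example.com. IN DNSKEY 257 3 5 AQID",       # zone key with KSK flag
    "example.com. 3600 IN DNSKEY 256 3 5 AQID",  # zone key without KSK flag
    "host.example.com. IN KEY 33280 3 5 AQID",   # host key, NOAUTH
    "other.example.com. IN DNSKEY 0 2 5 AQID",   # no ZONE bit, protocol 2
]


def audit_key_record(line):
    """Return (fields, findings) for one KEY/DNSKEY presentation-format line."""
    tokens = line.split(";", 1)[0].split()       # drop any trailing comment
    idx = next((i for i, t in enumerate(tokens)
                if i > 0 and t.upper() in ("KEY", "DNSKEY")), None)
    if idx is None or len(tokens) < idx + 5:
        raise ValueError("not a complete KEY/DNSKEY record: %r" % line)
    rrtype = tokens[idx].upper()
    flags, protocol, algorithm = (int(t) for t in tokens[idx + 1:idx + 4])
    if not (0 <= flags <= 0xFFFF and 0 <= protocol <= 255):
        raise ValueError("flags or protocol out of range: %r" % line)
    fields = {"rrtype": rrtype, "flags": flags, "protocol": protocol,
              "algorithm": algorithm, "owner": OWNERS[flags & OWNER_MASK]}
    findings = []
    if protocol != 3:
        findings.append("protocol %d is not 3 (DNSSEC)" % protocol)
    if rrtype == "DNSKEY":
        fields["ksk"] = bool(flags & SEP)
        if not flags & ZONE:
            findings.append("DNSKEY without ZONE bit must not verify signatures")
    else:
        fields["type"] = TYPES[flags & (NOAUTH | NOCONF)]
        fields["strength"] = flags & STRENGTH_MASK
        if fields["type"] == "NOAUTHCONF":
            findings.append("record carries no usable key")
    return fields, findings


if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_key_record(sample))
```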