System administration command. Generate encrypted Secure DNS (DNSSEC) or Transaction Signatures (TSIG) keys for domain-name. When the key is completed, dnssec-keygen prints the key identifier to standard output and creates public and private key files whose names are based on the key identifier and the filename extensions .key and .private. It creates both files even when using an asymmetric algorithm like HMAC-MD5. For more information on Secure DNS, see DNS and BIND (O’Reilly), or read RFC 2535.
Specify the cryptographic algorithm to use. Accepted values are RSAMD5, RSA, DSA, DH, or HMAC-MD5.
Specify the key bitsize. Accepted values depend on the encryption algorithm used.
The domain record for which the key is being generated should contain class. When this option is not given, a class of IN is assumed.
Use a large exponent when generating an RSA key.
Specified the number to use as a generator when creating a DH (Diffie Hellman) key. Accepted values are 2 and 5.
Print a help message, then exit.
The owner of the key must be of the specified type. Accepted values are ZONE, HOST, ENTITY, or USER.
Specify the protocol value for the generated key. Accepted values are given in RFC 2535 and other DNS Security RFCs. By default the value is either 2 (email) or 3 (DNSSEC).
Specify the device to use as a source of randomness when creating ...