NAME

       ldns-keygen - generate a DNSSEC key pair

SYNOPSIS

       ldns-keygen [ OPTION ] DOMAIN

DESCRIPTION

       ldns-keygen  is  used to generate a private/public keypair. When run, it will create 3 files; a .key file
       with the public DNSKEY, a .private file with the private keydata and a .ds with  the  DS  record  of  the
       DNSKEY record.

       ldns-keygen  can also be used to create symmetric keys (for TSIG) by selecting the appropriate algorithm:
       hmac-md5.sig-alg.reg.int, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 or hmac-sha512.  In that  case
       no DS record will be created and no .ds file.

       ldns-keygen prints the basename for the key files: K<name>+<alg>+<id>

OPTIONS

       -a <algorithm>
              Create  a  key  with  this algorithm. Specifying 'list' here gives a list of supported algorithms.
              Several alias names are also accepted (from older versions and other  software),  the  list  gives
              names from the RFC.  Also the plain algo number is accepted.

       -b <bits>
              Use this many bits for the key length.

       -k     When given, generate a key signing key. This just sets the flag field to 257 instead of 256 in the
              DNSKEY RR in the .key file.

       -r device
              Make ldns-keygen use  this  file  to  seed  the  random  generator  with.  This  will  default  to
              /dev/random.

       -v     Show the version and exit

AUTHOR

       Written by the ldns team as an example for ldns usage.

REPORTING BUGS

       Report bugs to <ldns-team@nlnetlabs.nl>.

COPYRIGHT

       Copyright  (C)  2005-2008  NLnet  Labs.  This  is  free  software.  There  is  NO  warranty; not even for
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

                                                   27 May 2008                                    ldns-keygen(1)