Provided by: dnssec-tools_2.2-2_all 
NAME
keymod - Modifies key parameters in a DNSSEC-Tools keyrec file
SYNOPSIS
keymod [options] keyrec1 ... keyrecN
DESCRIPTION
keymod modifies the key parameters in a keyrec file that are used to generate
cryptographics keys used to sign zones. The new parameters will be used by zonesigner
when generating new keys. It has no effect on existing keys.
zonesigner will use the new parameter for a zone the next time it generates a key that
requires that parameter. This means that, for example, a new ZSK length will not be used
during the next invocation of zonesigner if that invocation will be performing KSK-
rollover actions.
The following fields may be modified:
kskcount - count of KSK keys
ksklength - length of KSK keys
ksklife - lifetime of KSK keys
random - random number generator device file
revperiod - revocation period for KSK keys
zskcount - count of ZSK keys
zsklength - length of ZSK keys
zsklife - lifetime of ZSK keys
New key/value fields will be added to a zone keyrec file to inform zonesigner that new
values should be used. The key portion of the added fields will begin with "new_". For
example, a new KSK length of 2048 will be written to the keyrec file as:
new_ksklength 2048
All zone records in the specified keyrec file will be modified, unless the -zone option is
given. In that case, only the named zone will be modified.
If a zone keyrec already contains a new key/value field, then the value will be modified
on subsequent runs of keymod.
OPTIONS
keymod recognizes the following options. Multiple options may be combined in a single
keymod execution.
All numeric values must be positive or zero.
If a new key/value field should be deleted from a zone keyrec, then a zero or empty string
value should be specified for the appropriate option.
-zone zonename
The zone keyrec whose name matches zonename is selected as the only keyrec that will
be modified. If this name is not given, then all zone keyrec records will be
modified.
-ksklength ksklength
The ksklength field will be modified in the selected keyrec records to the given
value. This is a numeric field whose values depend on the cryptographic algorithm to
be used to generate keys for the zone.
-kskcount kskcount
The kskcount field will be modified in the selected keyrec records to the given value.
This is a numeric field.
-ksklife ksklife
The ksklife field will be modified in the selected keyrec records to the given value.
This is a numeric field.
-random random
The random field will be modified in the selected keyrec records to the given value.
This is a text field that will be passed to the key generator.
-revperiod revperiod
The revperiod field will be modified in the selected keyrec records to the given
value. This is a numeric field.
-zskcount zskcount
The zskcount field will be modified in the selected keyrec records to the given value.
This is a numeric field.
-zsklength zsklength
The zsklength field will be modified in the selected keyrec records to the given
value. This is a numeric field whose values depend on the cryptographic algorithm to
be used to generate keys for the zone.
-zsklife zsklife
The zsklife field will be modified in the selected keyrec records to the given value.
This is a numeric field.
-nocheck
If this option is given, the krfcheck command will not be run on the modified keyrec
file.
-verbose
Display information about every modification made to the keyrec file.
-Version
Displays the version information for keymod and the DNSSEC-Tools package.
-help
Display a usage message.
COPYRIGHT
Copyright 2012-2014 SPARTA, Inc. All rights reserved. See the COPYING file included with
the DNSSEC-Tools package for details.
AUTHOR
Wayne Morrison, tewok@tislabs.com
SEE ALSO
zonesigner(8), krfcheck(8)
Net::DNS::SEC::Tools::keyrec.pm(3)
file-keyrec(5)