mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

Merge branch 'pspacek/keyfromlabel-doc-alg-clarif' into 'main'

Browse Source 
Clarify dnssec-keyfromlabel -a in man page

See merge request isc-projects/bind9!6412
This commit is contained in:
Petr Špaček
2022-06-10 05:54:30 +00:00
parent e93c2e9a0f 5f53003dae
commit 189417c76b
2 changed files with 8 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
bin/dnssec/dnssec-keyfromlabel.rst
View File

@@ -45,20 +45,16 @@ Options
be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448. ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448.
If no algorithm is specified, RSASHA1 is used by default
unless the :option:`-3` option is specified, in which case NSEC3RSASHA1
is used instead. (If :option:`-3` is used and an algorithm is
specified, that algorithm is checked for compatibility with
NSEC3.)
These values are case-insensitive. In some cases, abbreviations are These values are case-insensitive. In some cases, abbreviations are
supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for
ECDSAP384SHA384. If RSASHA1 is specified along with the :option:`-3` ECDSAP384SHA384. If RSASHA1 is specified along with the :option:`-3`
option, then NSEC3RSASHA1 is used instead. option, then NSEC3RSASHA1 is used instead.
Since BIND 9.12.0, this option is mandatory except when using the This option is mandatory except when using the
:option:`-S` option, which copies the algorithm from the predecessory key. :option:`-S` option, which copies the algorithm from the predecessory key.
Previously, the default for newly generated keys was RSASHA1.
.. versionchanged:: 9.12.0
The default value RSASHA1 for newly generated keys was removed.
.. option:: -3 .. option:: -3

12
doc/man/dnssec-keyfromlabel.1in
View File

@@ -52,20 +52,16 @@ This option selects the cryptographic algorithm. The value of \fBalgorithm\fP mu
be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448. ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448.
.sp .sp
If no algorithm is specified, RSASHA1 is used by default
unless the \fI\%\-3\fP option is specified, in which case NSEC3RSASHA1
is used instead. (If \fI\%\-3\fP is used and an algorithm is
specified, that algorithm is checked for compatibility with
NSEC3.)
.sp
These values are case\-insensitive. In some cases, abbreviations are These values are case\-insensitive. In some cases, abbreviations are
supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for
ECDSAP384SHA384. If RSASHA1 is specified along with the \fI\%\-3\fP ECDSAP384SHA384. If RSASHA1 is specified along with the \fI\%\-3\fP
option, then NSEC3RSASHA1 is used instead. option, then NSEC3RSASHA1 is used instead.
.sp .sp
Since BIND 9.12.0, this option is mandatory except when using the This option is mandatory except when using the
\fI\%\-S\fP option, which copies the algorithm from the predecessory key. \fI\%\-S\fP option, which copies the algorithm from the predecessory key.
Previously, the default for newly generated keys was RSASHA1. .sp
Changed in version 9.12.0: The default value RSASHA1 for newly generated keys was removed.
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP