dnssec-keyfromlabel.8 12.6 KB
Newer Older
Tinderbox User's avatar
Tinderbox User committed
1
.\" Copyright (C) 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
Francis Dupont's avatar
regen  
Francis Dupont committed
2
.\" 
Tinderbox User's avatar
Tinderbox User committed
3 4 5
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
Francis Dupont's avatar
regen  
Francis Dupont committed
6 7 8
.\"
.hy 0
.ad l
Tinderbox User's avatar
Tinderbox User committed
9 10
'\" t
.\"     Title: dnssec-keyfromlabel
Francis Dupont's avatar
regen  
Francis Dupont committed
11
.\"    Author: 
Tinderbox User's avatar
Tinderbox User committed
12
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
Tinderbox User's avatar
Tinderbox User committed
13
.\"      Date: August 27, 2015
Francis Dupont's avatar
regen  
Francis Dupont committed
14
.\"    Manual: BIND9
Tinderbox User's avatar
Tinderbox User committed
15 16
.\"    Source: ISC
.\"  Language: English
Francis Dupont's avatar
regen  
Francis Dupont committed
17
.\"
Tinderbox User's avatar
Tinderbox User committed
18
.TH "DNSSEC\-KEYFROMLABEL" "8" "August 27, 2015" "ISC" "BIND9"
Tinderbox User's avatar
Tinderbox User committed
19 20 21 22 23 24 25 26 27 28 29 30
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
Francis Dupont's avatar
regen  
Francis Dupont committed
31 32 33 34
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
Tinderbox User's avatar
Tinderbox User committed
35 36 37
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
Francis Dupont's avatar
regen  
Francis Dupont committed
38
.SH "NAME"
Tinderbox User's avatar
Tinderbox User committed
39
dnssec-keyfromlabel \- DNSSEC key generation tool
Francis Dupont's avatar
regen  
Francis Dupont committed
40
.SH "SYNOPSIS"
Tinderbox User's avatar
Tinderbox User committed
41
.HP \w'\fBdnssec\-keyfromlabel\fR\ 'u
Tinderbox User's avatar
Tinderbox User committed
42
\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-y\fR] {name}
Francis Dupont's avatar
regen  
Francis Dupont committed
43 44 45
.SH "DESCRIPTION"
.PP
\fBdnssec\-keyfromlabel\fR
Tinderbox User's avatar
Tinderbox User committed
46 47
generates a key pair of files that referencing a key object stored in a cryptographic hardware service module (HSM)\&. The private key file can be used for DNSSEC signing of zone data as if it were a conventional signing key created by
\fBdnssec\-keygen\fR, but the key material is stored within the HSM, and the actual signing takes place there\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
48 49 50
.PP
The
\fBname\fR
Tinderbox User's avatar
Tinderbox User committed
51
of the key is specified on the command line\&. This must match the name of the zone for which the key is being generated\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
52 53 54 55
.SH "OPTIONS"
.PP
\-a \fIalgorithm\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
56
Selects the cryptographic algorithm\&. The value of
Francis Dupont's avatar
regen  
Francis Dupont committed
57
\fBalgorithm\fR
Tinderbox User's avatar
Tinderbox User committed
58
must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384\&. These values are case insensitive\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
59
.sp
Automatic Updater's avatar
regen  
Automatic Updater committed
60 61
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR
Tinderbox User's avatar
Tinderbox User committed
62
option is specified, in which case NSEC3RSASHA1 will be used instead\&. (If
Automatic Updater's avatar
regen  
Automatic Updater committed
63
\fB\-3\fR
Tinderbox User's avatar
Tinderbox User committed
64
is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3\&.)
Automatic Updater's avatar
regen  
Automatic Updater committed
65
.sp
Tinderbox User's avatar
Tinderbox User committed
66
Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
67
.sp
Tinderbox User's avatar
Tinderbox User committed
68
Note 2: DH automatically sets the \-k flag\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
69 70
.RE
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
71 72
\-3
.RS 4
Tinderbox User's avatar
Tinderbox User committed
73
Use an NSEC3\-capable algorithm to generate a DNSSEC key\&. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
74 75
.RE
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
76 77
\-E \fIengine\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
78
Specifies the cryptographic hardware to use\&.
Tinderbox User's avatar
Tinderbox User committed
79
.sp
Tinderbox User's avatar
Tinderbox User committed
80
When BIND is built with OpenSSL PKCS#11 support, this defaults to the string "pkcs11", which identifies an OpenSSL engine that can drive a cryptographic accelerator or hardware service module\&. When BIND is built with native PKCS#11 cryptography (\-\-enable\-native\-pkcs11), it defaults to the path of the PKCS#11 provider library specified via "\-\-with\-pkcs11"\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
81 82
.RE
.PP
Francis Dupont's avatar
regen  
Francis Dupont committed
83 84
\-l \fIlabel\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
85
Specifies the label for a key pair in the crypto hardware\&.
Tinderbox User's avatar
Tinderbox User committed
86 87 88
.sp
When
BIND
Tinderbox User's avatar
Tinderbox User committed
89
9 is built with OpenSSL\-based PKCS#11 support, the label is an arbitrary string that identifies a particular key\&. It may be preceded by an optional OpenSSL engine name, followed by a colon, as in "pkcs11:\fIkeylabel\fR"\&.
Tinderbox User's avatar
Tinderbox User committed
90 91 92
.sp
When
BIND
Tinderbox User's avatar
Tinderbox User committed
93
9 is built with native PKCS#11 support, the label is a PKCS#11 URI string in the format "pkcs11:\fBkeyword\fR=\fIvalue\fR[;\fBkeyword\fR=\fIvalue\fR;\&.\&.\&.]" Keywords include "token", which identifies the HSM; "object", which identifies the key; and "pin\-source", which identifies a file from which the HSM\*(Aqs PIN code can be obtained\&. The label will be stored in the on\-disk "private" file\&.
Tinderbox User's avatar
Tinderbox User committed
94 95 96
.sp
If the label contains a
\fBpin\-source\fR
Tinderbox User's avatar
Tinderbox User committed
97
field, tools using the generated key files will be able to use the HSM for signing and other operations without any need for an operator to manually enter a PIN\&. Note: Making the HSM\*(Aqs PIN accessible in this manner may reduce the security advantage of using an HSM; be sure this is what you want to do before making use of this feature\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
98 99 100 101
.RE
.PP
\-n \fInametype\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
102
Specifies the owner type of the key\&. The value of
Francis Dupont's avatar
regen  
Francis Dupont committed
103
\fBnametype\fR
Tinderbox User's avatar
Tinderbox User committed
104
must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY)\&. These values are case insensitive\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
105 106
.RE
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
107 108
\-C
.RS 4
Tinderbox User's avatar
Tinderbox User committed
109
Compatibility mode: generates an old\-style key, without any metadata\&. By default,
Automatic Updater's avatar
regen  
Automatic Updater committed
110
\fBdnssec\-keyfromlabel\fR
Tinderbox User's avatar
Tinderbox User committed
111
will include the key\*(Aqs creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc)\&. Keys that include this data may be incompatible with older versions of BIND; the
Automatic Updater's avatar
regen  
Automatic Updater committed
112
\fB\-C\fR
Tinderbox User's avatar
Tinderbox User committed
113
option suppresses them\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
114 115
.RE
.PP
Francis Dupont's avatar
regen  
Francis Dupont committed
116 117
\-c \fIclass\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
118
Indicates that the DNS record containing the key should have the specified class\&. If not specified, class IN is used\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
119 120 121 122
.RE
.PP
\-f \fIflag\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
123
Set the specified flag in the flag field of the KEY/DNSKEY record\&. The only recognized flags are KSK (Key Signing Key) and REVOKE\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
124 125
.RE
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
126 127
\-G
.RS 4
Tinderbox User's avatar
Tinderbox User committed
128
Generate a key, but do not publish it or sign with it\&. This option is incompatible with \-P and \-A\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
129 130
.RE
.PP
Francis Dupont's avatar
regen  
Francis Dupont committed
131 132 133
\-h
.RS 4
Prints a short summary of the options and arguments to
Tinderbox User's avatar
Tinderbox User committed
134
\fBdnssec\-keyfromlabel\fR\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
135 136
.RE
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
137 138
\-K \fIdirectory\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
139
Sets the directory in which the key files are to be written\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
140 141
.RE
.PP
Francis Dupont's avatar
regen  
Francis Dupont committed
142 143
\-k
.RS 4
Tinderbox User's avatar
Tinderbox User committed
144
Generate KEY records rather than DNSKEY records\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
145 146
.RE
.PP
Automatic Updater's avatar
Automatic Updater committed
147 148
\-L \fIttl\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
149
Sets the default TTL to use for this key when it is converted into a DNSKEY RR\&. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence\&. Setting the default TTL to
Automatic Updater's avatar
Automatic Updater committed
150 151 152
0
or
none
Tinderbox User's avatar
Tinderbox User committed
153
removes it\&.
Automatic Updater's avatar
Automatic Updater committed
154 155
.RE
.PP
Francis Dupont's avatar
regen  
Francis Dupont committed
156 157
\-p \fIprotocol\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
158
Sets the protocol value for the key\&. The protocol is a number between 0 and 255\&. The default is 3 (DNSSEC)\&. Other possible values for this argument are listed in RFC 2535 and its successors\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
159 160
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
161 162
\-S \fIkey\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
163
Generate a key as an explicit successor to an existing key\&. The name, algorithm, size, and type of the key will be set to match the predecessor\&. The activation date of the new key will be set to the inactivation date of the existing one\&. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days\&.
Tinderbox User's avatar
Tinderbox User committed
164 165
.RE
.PP
Francis Dupont's avatar
regen  
Francis Dupont committed
166 167
\-t \fItype\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
168
Indicates the use of the key\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
169
\fBtype\fR
Tinderbox User's avatar
Tinderbox User committed
170
must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF\&. The default is AUTHCONF\&. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
171 172 173 174
.RE
.PP
\-v \fIlevel\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
175
Sets the debugging level\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
176
.RE
Automatic Updater's avatar
regen  
Automatic Updater committed
177
.PP
Tinderbox User's avatar
Tinderbox User committed
178 179
\-V
.RS 4
Tinderbox User's avatar
Tinderbox User committed
180
Prints version information\&.
Tinderbox User's avatar
Tinderbox User committed
181 182
.RE
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
183 184
\-y
.RS 4
Tinderbox User's avatar
Tinderbox User committed
185
Allows DNSSEC key files to be generated even if the key ID would collide with that of an existing key, in the event of either key being revoked\&. (This is only safe to use if you are sure you won\*(Aqt be using RFC 5011 trust anchor maintenance with either of the keys involved\&.)
Automatic Updater's avatar
regen  
Automatic Updater committed
186
.RE
Automatic Updater's avatar
regen  
Automatic Updater committed
187 188
.SH "TIMING OPTIONS"
.PP
Tinderbox User's avatar
Tinderbox User committed
189
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argument begins with a \*(Aq+\*(Aq or \*(Aq\-\*(Aq, it is interpreted as an offset from the present time\&. For convenience, if such an offset is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively\&. Without a suffix, the offset is computed in seconds\&. To explicitly prevent a date from being set, use \*(Aqnone\*(Aq or \*(Aqnever\*(Aq\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
190 191 192
.PP
\-P \fIdate/offset\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
193
Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
194 195
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
196 197 198 199 200
\-P sync \fIdate/offset\fR
.RS 4
Sets the date on which the CDS and CDNSKEY records which match this key are to be published to the zone\&.
.RE
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
201 202
\-A \fIdate/offset\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
203
Sets the date on which the key is to be activated\&. After that date, the key will be included in the zone and used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
204 205 206 207
.RE
.PP
\-R \fIdate/offset\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
208
Sets the date on which the key is to be revoked\&. After that date, the key will be flagged as revoked\&. It will be included in the zone and will be used to sign it\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
209 210
.RE
.PP
Automatic Updater's avatar
Automatic Updater committed
211
\-I \fIdate/offset\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
212
.RS 4
Tinderbox User's avatar
Tinderbox User committed
213
Sets the date on which the key is to be retired\&. After that date, the key will still be included in the zone, but it will not be used to sign it\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
214 215 216 217
.RE
.PP
\-D \fIdate/offset\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
218
Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
Automatic Updater's avatar
regen  
Automatic Updater committed
219
.RE
Tinderbox User's avatar
Tinderbox User committed
220
.PP
Tinderbox User's avatar
Tinderbox User committed
221 222 223 224 225
\-D sync \fIdate/offset\fR
.RS 4
Sets the date on which the CDS and CDNSKEY records which match this key are to be deleted\&.
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
226 227
\-i \fIinterval\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
228
Sets the prepublication interval for a key\&. If set, then the publication and activation dates must be separated by at least this much time\&. If the activation date is specified but the publication date isn\*(Aqt, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn\*(Aqt, then activation will be set to this much time after publication\&.
Tinderbox User's avatar
Tinderbox User committed
229
.sp
Tinderbox User's avatar
Tinderbox User committed
230
If the key is being created as an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero\&.
Tinderbox User's avatar
Tinderbox User committed
231
.sp
Tinderbox User's avatar
Tinderbox User committed
232
As with date offsets, if the argument is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the interval is measured in years, months, weeks, days, hours, or minutes, respectively\&. Without a suffix, the interval is measured in seconds\&.
Tinderbox User's avatar
Tinderbox User committed
233
.RE
Francis Dupont's avatar
regen  
Francis Dupont committed
234 235 236 237 238
.SH "GENERATED KEY FILES"
.PP
When
\fBdnssec\-keyfromlabel\fR
completes successfully, it prints a string of the form
Tinderbox User's avatar
Tinderbox User committed
239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276
Knnnn\&.+aaa+iiiii
to the standard output\&. This is an identification string for the key files it has generated\&.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
nnnn
is the key name\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
aaa
is the numeric representation of the algorithm\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
iiiii
is the key identifier (or footprint)\&.
.RE
Francis Dupont's avatar
regen  
Francis Dupont committed
277 278
.PP
\fBdnssec\-keyfromlabel\fR
Tinderbox User's avatar
Tinderbox User committed
279 280
creates two files, with names based on the printed string\&.
Knnnn\&.+aaa+iiiii\&.key
Francis Dupont's avatar
regen  
Francis Dupont committed
281
contains the public key, and
Tinderbox User's avatar
Tinderbox User committed
282 283
Knnnn\&.+aaa+iiiii\&.private
contains the private key\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
284 285
.PP
The
Tinderbox User's avatar
Tinderbox User committed
286 287
\&.key
file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement)\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
288 289
.PP
The
Tinderbox User's avatar
Tinderbox User committed
290 291
\&.private
file contains algorithm\-specific fields\&. For obvious security reasons, this file does not have general read permission\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
292 293
.SH "SEE ALSO"
.PP
Tinderbox User's avatar
Tinderbox User committed
294 295
\fBdnssec-keygen\fR(8),
\fBdnssec-signzone\fR(8),
Francis Dupont's avatar
regen  
Francis Dupont committed
296
BIND 9 Administrator Reference Manual,
Tinderbox User's avatar
Tinderbox User committed
297
RFC 4034,
Tinderbox User's avatar
Tinderbox User committed
298
The PKCS#11 URI Scheme (draft\-pechanec\-pkcs11uri\-13)\&.
Francis Dupont's avatar
regen  
Francis Dupont committed
299 300
.SH "AUTHOR"
.PP
Tinderbox User's avatar
Tinderbox User committed
301
\fBInternet Systems Consortium, Inc\&.\fR
Francis Dupont's avatar
regen  
Francis Dupont committed
302
.SH "COPYRIGHT"
Tinderbox User's avatar
Tinderbox User committed
303
.br
Tinderbox User's avatar
Tinderbox User committed
304
Copyright \(co 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
Francis Dupont's avatar
regen  
Francis Dupont committed
305
.br