.\" Copyright (C) 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
...
...
@@ -66,19 +66,19 @@ must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA51
\fB\-T KEY\fR
option as well\&.
.sp
TSIG keys can also be generated by setting the value to one of HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512\&. As with DH, specifying these values will automatically set
\fB\-T KEY\fR\&. Note, however, that
\fBtsig\-keygen\fR
produces TSIG keys in a more useful format\&. These algorithms have been deprecated in
\fBdnssec\-keygen\fR, and will be removed in a future release\&.
.sp
These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 or DSA is specified along with the
\fB\-3\fR
option, then NSEC3RSASHA1 or NSEC3DSA will be used instead\&.
.sp
As of BIND 9\&.12\&.0, this option is mandatory except when using the
This parameter
\fImust\fR
be specified except when using the
\fB\-S\fR
option, which copies the algorithm from the predecessor key\&. Previously, the default for newly generated keys was RSASHA1\&.
option, which copies the algorithm from the predecessor key\&.
.sp
In prior releases, HMAC algorithms could be generated for use as TSIG keys, but that feature has been removed as of BIND 9\&.13\&.0\&. Use
\fBtsig\-keygen\fR
to generate TSIG keys\&.
.RE
.PP
\-b \fIkeysize\fR
...
...
@@ -369,5 +369,5 @@ RFC 4034\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")