Commit c1ee9be1 authored by Brian Wellington's avatar Brian Wellington
Browse files

clean up the text relating to pseudorandom input.

parent b4dfb474
......@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-makekeyset.8,v 1.6 2000/07/31 15:28:19 bwelling Exp $
.\" $Id: dnssec-makekeyset.8,v 1.7 2000/07/31 19:39:38 bwelling Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-MAKEKEYSET 8
......@@ -29,6 +29,7 @@
.Op Fl e Ar end-time
.Op Fl t Ar TTL
.Op Fl r Ar randomdev
.Op Fl p
.Op Fl v Ar level
.Ar keyfile ....
.Sh DESCRIPTION
......@@ -113,6 +114,14 @@ will prompt the user for input from the keyboard and use the time
between keystrokes to derive some random data.
.Pp
The
.Fl p
option instructs
.Nm dnssec-makekeyset
to use pseudo-random data when self-signing the keyset. This is faster, but
less secure, than using genuinely random data for signing.
This option may be useful when the entropy source is limited.
.Pp
The
.Fl t
option is followed by a time-to-live argument
.Ar TTL
......
......@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signkey.8,v 1.7 2000/07/31 15:28:20 bwelling Exp $
.\" $Id: dnssec-signkey.8,v 1.8 2000/07/31 19:39:39 bwelling Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNKEY 8
......@@ -60,17 +60,6 @@ option makes
print a short summary of its command line options
and arguments.
.Pp
The
.Fl p
option instructs
.Nm dnssec-signkey
to use pseudo-random data when signing the keys. This is faster, but
less secure, than using genuinely random data for signing.
This option may be useful when there are many child zone keysets to
sign or if the entropy source is limited.
It could also be used for short-lived keys and signatures that don't
require as much protection against cryptanalysis, such as when the key
will be discarded long before it could be compromised.
.Nm dnssec-signkey
may need random numbers in the process of generating keys.
If the system does not have a
......@@ -88,6 +77,18 @@ use
as a source of random data.
.Pp
The
.Fl p
option instructs
.Nm dnssec-signkey
to use pseudo-random data when signing the keys. This is faster, but
less secure, than using genuinely random data for signing.
This option may be useful when there are many child zone keysets to
sign or if the entropy source is limited.
It could also be used for short-lived keys and signatures that don't
require as much protection against cryptanalysis, such as when the key
will be discarded long before it could be compromised.
.Pp
The
.Fl v
option can be used to make
.Nm dnssec-signkey
......
......@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signzone.8,v 1.9 2000/07/31 15:28:21 bwelling Exp $
.\" $Id: dnssec-signzone.8,v 1.10 2000/07/31 19:39:42 bwelling Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNZONE 8
......@@ -163,18 +163,6 @@ by default, with a cycle period of 7.5 days. Therefore, if any SIG records
are due to expire in less than 7.5 days, they would be replaced
with new ones.
.Pp
The
.Fl p
option instructs
.Nm dnssec-signkey
to use pseudo-random data when signing the keys. This is faster, but
less secure, than using genuinely random data for signing.
This option may be useful when there are many child zone keysets to
sign or if the entropy source is limited.
It could also be used for short-lived keys and signatures that don't
require as much protection against cryptanalysis, such as when the key
will be discarded long before it could be compromised.
.Pp
.Nm dnssec-signzone
may need random numbers in the process of signing the zone.
If the system does not have a
......@@ -191,6 +179,18 @@ use
.Ar randomdev
as a source of random data.
.Pp
The
.Fl p
option instructs
.Nm dnssec-signkey
to use pseudo-random data when signing the keys. This is faster, but
less secure, than using genuinely random data for signing.
This option may be useful when there are many child zone keysets to
sign or if the entropy source is limited.
It could also be used for short-lived keys and signatures that don't
require as much protection against cryptanalysis, such as when the key
will be discarded long before it could be compromised.
.Pp
An option of
.Fl h
makes
......
......@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-makekeyset.8,v 1.6 2000/07/31 15:28:19 bwelling Exp $
.\" $Id: dnssec-makekeyset.8,v 1.7 2000/07/31 19:39:38 bwelling Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-MAKEKEYSET 8
......@@ -29,6 +29,7 @@
.Op Fl e Ar end-time
.Op Fl t Ar TTL
.Op Fl r Ar randomdev
.Op Fl p
.Op Fl v Ar level
.Ar keyfile ....
.Sh DESCRIPTION
......@@ -113,6 +114,14 @@ will prompt the user for input from the keyboard and use the time
between keystrokes to derive some random data.
.Pp
The
.Fl p
option instructs
.Nm dnssec-makekeyset
to use pseudo-random data when self-signing the keyset. This is faster, but
less secure, than using genuinely random data for signing.
This option may be useful when the entropy source is limited.
.Pp
The
.Fl t
option is followed by a time-to-live argument
.Ar TTL
......
......@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signkey.8,v 1.7 2000/07/31 15:28:20 bwelling Exp $
.\" $Id: dnssec-signkey.8,v 1.8 2000/07/31 19:39:39 bwelling Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNKEY 8
......@@ -60,17 +60,6 @@ option makes
print a short summary of its command line options
and arguments.
.Pp
The
.Fl p
option instructs
.Nm dnssec-signkey
to use pseudo-random data when signing the keys. This is faster, but
less secure, than using genuinely random data for signing.
This option may be useful when there are many child zone keysets to
sign or if the entropy source is limited.
It could also be used for short-lived keys and signatures that don't
require as much protection against cryptanalysis, such as when the key
will be discarded long before it could be compromised.
.Nm dnssec-signkey
may need random numbers in the process of generating keys.
If the system does not have a
......@@ -88,6 +77,18 @@ use
as a source of random data.
.Pp
The
.Fl p
option instructs
.Nm dnssec-signkey
to use pseudo-random data when signing the keys. This is faster, but
less secure, than using genuinely random data for signing.
This option may be useful when there are many child zone keysets to
sign or if the entropy source is limited.
It could also be used for short-lived keys and signatures that don't
require as much protection against cryptanalysis, such as when the key
will be discarded long before it could be compromised.
.Pp
The
.Fl v
option can be used to make
.Nm dnssec-signkey
......
......@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signzone.8,v 1.9 2000/07/31 15:28:21 bwelling Exp $
.\" $Id: dnssec-signzone.8,v 1.10 2000/07/31 19:39:42 bwelling Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNZONE 8
......@@ -163,18 +163,6 @@ by default, with a cycle period of 7.5 days. Therefore, if any SIG records
are due to expire in less than 7.5 days, they would be replaced
with new ones.
.Pp
The
.Fl p
option instructs
.Nm dnssec-signkey
to use pseudo-random data when signing the keys. This is faster, but
less secure, than using genuinely random data for signing.
This option may be useful when there are many child zone keysets to
sign or if the entropy source is limited.
It could also be used for short-lived keys and signatures that don't
require as much protection against cryptanalysis, such as when the key
will be discarded long before it could be compromised.
.Pp
.Nm dnssec-signzone
may need random numbers in the process of signing the zone.
If the system does not have a
......@@ -191,6 +179,18 @@ use
.Ar randomdev
as a source of random data.
.Pp
The
.Fl p
option instructs
.Nm dnssec-signkey
to use pseudo-random data when signing the keys. This is faster, but
less secure, than using genuinely random data for signing.
This option may be useful when there are many child zone keysets to
sign or if the entropy source is limited.
It could also be used for short-lived keys and signatures that don't
require as much protection against cryptanalysis, such as when the key
will be discarded long before it could be compromised.
.Pp
An option of
.Fl h
makes
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment