1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
.\" $OpenBSD: keyconv.8,v 1.5 2001/12/21 11:41:50 mpech Exp $
.\"
.\" Copyright (c) 2001 Hakan Olsson. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd Aug 22, 2001
.Dt KEYCONV 8
.Os
.Sh NAME
.Nm keyconv
.Nd DNSSEC/OpenSSL private key converter
.Sh SYNOPSIS
.Nm keyconv
.Fl do
.Ar infile Ar outfile
.Sh DESCRIPTION
The
.Nm
utility converts between the key formats used by OpenSSL, as produced by
.Xr openssl 1 ,
and DNSSEC, as produced by
.Xr dnssec-keygen 8 .
The primary use of
.Nm
is to generate the DNS "KEY" resource records that, when signed, can
be used by
.Xr isakmpd 8
to authenticate an IKE negotiation.
.Pp
For proper operation,
.Ar infile
is expected to contain the private key.
.Pp
The mode of operation is determined as follows:
.Bl -tag -width abc
.It Fl d
Convert from
.Pa DNSSEC
to
.Pa OpenSSL
format.
.It Fl o
Convert from
.Pa OpenSSL
to
.Pa DNSSEC
format.
In this mode,
.Nm
outputs both the private key, plus a
.Em outfile.pubkey
file containing the public key in DNS KEY format.
.El
.Pp
The
.Nm dnssec-keygen
command is supplied as part of BIND version 8 and 9 and can currently
be found in the
.Ox
ports collection.
.Sh EXAMPLES
Create a new RSA key for usage both in
.Xr isakmpd 8
and DNSSEC.
.Pp
.Bd -literal -offset 2n
$ openssl genrsa -out testkey.ssl 1024
$ keyconv -d testkey.ssl testkey.dns
.Ed
.Sh SEE ALSO
.Xr isakmpd 8 ,
.Xr openssl 1
.Sh HISTORY
This command first appeared in
.Ox 3.0 .
|
