From: Matt Nordhoff <mnordhoff@mattnordhoff.com>
Date: Tue, 13 Nov 2018 13:38:27 +0000 (+0000)
Subject: pdnsutil.1: Add Ed25519 and Ed448, document ECC keysizes
X-Git-Tag: auth-4.2.0-alpha1~46^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=98645dcf2ebc4a3b29b0a658e164312b7fc8a50d;p=thirdparty%2Fpdns.git

pdnsutil.1: Add Ed25519 and Ed448, document ECC keysizes
---

diff --git a/docs/manpages/pdnsutil.1.rst b/docs/manpages/pdnsutil.1.rst
index 32bcd72a8e..7af7fd7a01 100644
--- a/docs/manpages/pdnsutil.1.rst
+++ b/docs/manpages/pdnsutil.1.rst
@@ -43,6 +43,8 @@ algorithms are supported:
 -  gost
 -  ecdsa256
 -  ecdsa384
+-  ed25519
+-  ed448
 
 activate-zone-key *ZONE* *KEY-ID*
     Activate a key with id *KEY-ID* within a zone called *ZONE*.
@@ -69,7 +71,9 @@ generate-zone-key {**KSK**,\ **ZSK**} [*ALGORITHM*] [*KEYBITS*]
     Generate a ZSK or KSK to stdout with specified algorithm and bits
     and print it on STDOUT. If *ALGORITHM* is not set, RSASHA512 is
     used. If *KEYBITS* is not set, an appropriate keysize is selected
-    for *ALGORITHM*.
+    for *ALGORITHM*. Each ECC-based algorithm supports only one valid
+    *KEYBITS* value: For GOST, ECDSA256, and ED25519, it is 256; for
+    ECDSA384, it is 384; and for ED448, it is 456.
 import-zone-key *ZONE* *FILE* {**KSK**,\ **ZSK**}
     Import from *FILE* a full (private) key for zone called *ZONE*. The
     format used is compatible with BIND and NSD/LDNS. **KSK** or **ZSK**