From: Petr Špaček Date: Thu, 9 Jun 2022 12:48:53 +0000 (+0200) Subject: Clarify dnssec-keyfromlabel -a in man page X-Git-Tag: v9.19.3~58^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5f53003dae4d65dffab7d9c0f906242aa26ceabc;p=thirdparty%2Fbind9.git Clarify dnssec-keyfromlabel -a in man page --- diff --git a/bin/dnssec/dnssec-keyfromlabel.rst b/bin/dnssec/dnssec-keyfromlabel.rst index 2b9cb488f7a..098feb9ecbc 100644 --- a/bin/dnssec/dnssec-keyfromlabel.rst +++ b/bin/dnssec/dnssec-keyfromlabel.rst @@ -45,20 +45,16 @@ Options be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448. - If no algorithm is specified, RSASHA1 is used by default - unless the :option:`-3` option is specified, in which case NSEC3RSASHA1 - is used instead. (If :option:`-3` is used and an algorithm is - specified, that algorithm is checked for compatibility with - NSEC3.) - These values are case-insensitive. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified along with the :option:`-3` option, then NSEC3RSASHA1 is used instead. - Since BIND 9.12.0, this option is mandatory except when using the + This option is mandatory except when using the :option:`-S` option, which copies the algorithm from the predecessory key. - Previously, the default for newly generated keys was RSASHA1. + + .. versionchanged:: 9.12.0 + The default value RSASHA1 for newly generated keys was removed. .. option:: -3 diff --git a/doc/man/dnssec-keyfromlabel.1in b/doc/man/dnssec-keyfromlabel.1in index 810a1ebe963..a59fa8cf4d4 100644 --- a/doc/man/dnssec-keyfromlabel.1in +++ b/doc/man/dnssec-keyfromlabel.1in @@ -52,20 +52,16 @@ This option selects the cryptographic algorithm. The value of \fBalgorithm\fP mu be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448. .sp -If no algorithm is specified, RSASHA1 is used by default -unless the \fI\%\-3\fP option is specified, in which case NSEC3RSASHA1 -is used instead. (If \fI\%\-3\fP is used and an algorithm is -specified, that algorithm is checked for compatibility with -NSEC3.) -.sp These values are case\-insensitive. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified along with the \fI\%\-3\fP option, then NSEC3RSASHA1 is used instead. .sp -Since BIND 9.12.0, this option is mandatory except when using the +This option is mandatory except when using the \fI\%\-S\fP option, which copies the algorithm from the predecessory key. -Previously, the default for newly generated keys was RSASHA1. +.sp +Changed in version 9.12.0: The default value RSASHA1 for newly generated keys was removed. + .UNINDENT .INDENT 0.0 .TP