clean up the text relating to pseudorandom input.
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-makekeyset.8,v 1.4 2000/07/26 00:47:14 bwelling Exp $
+.\" $Id: dnssec-makekeyset.8,v 1.4.2.1 2000/08/02 22:10:10 gson Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-MAKEKEYSET 8
.Op Fl e Ar end-time
.Op Fl t Ar TTL
.Op Fl r Ar randomdev
+.Op Fl p
.Op Fl v Ar level
.Ar keyfile ....
.Sh DESCRIPTION
between keystrokes to derive some random data.
.Pp
The
+.Fl p
+option instructs
+.Nm dnssec-makekeyset
+to use pseudo-random data when self-signing the keyset. This is faster, but
+less secure, than using genuinely random data for signing.
+This option may be useful when the entropy source is limited.
+.Pp
+The
.Fl t
option is followed by a time-to-live argument
.Ar TTL
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signkey.8,v 1.5 2000/07/26 19:13:18 gson Exp $
+.\" $Id: dnssec-signkey.8,v 1.5.2.1 2000/08/02 22:10:12 gson Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNKEY 8
print a short summary of its command line options
and arguments.
.Pp
-The
-.Fl p
-option instructs
-.Nm dnssec-signkey
-to use pseudo-random data when signing the keys. This is faster, but
-less secure, than using genuinely random data for signing.
-This option may be useful when there are many child zone keysets to
-sign or if the entropy source is limited.
-It could also be used for short-lived keys and signatures that don't
-require as much protection against cryptanalysis, such as when the key
-will be discarded long before it could be compromised.
.Nm dnssec-signkey
may need random numbers in the process of generating keys.
If the system does not have a
as a source of random data.
.Pp
The
+.Fl p
+option instructs
+.Nm dnssec-signkey
+to use pseudo-random data when signing the keys. This is faster, but
+less secure, than using genuinely random data for signing.
+This option may be useful when there are many child zone keysets to
+sign or if the entropy source is limited.
+It could also be used for short-lived keys and signatures that don't
+require as much protection against cryptanalysis, such as when the key
+will be discarded long before it could be compromised.
+.Pp
+The
.Fl v
option can be used to make
.Nm dnssec-signkey
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signzone.8,v 1.7 2000/07/26 21:36:43 gson Exp $
+.\" $Id: dnssec-signzone.8,v 1.7.2.1 2000/08/02 22:10:13 gson Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNZONE 8
are due to expire in less than 7.5 days, they would be replaced
with new ones.
.Pp
-The
-.Fl p
-option instructs
-.Nm dnssec-signkey
-to use pseudo-random data when signing the keys. This is faster, but
-less secure, than using genuinely random data for signing.
-This option may be useful when there are many child zone keysets to
-sign or if the entropy source is limited.
-It could also be used for short-lived keys and signatures that don't
-require as much protection against cryptanalysis, such as when the key
-will be discarded long before it could be compromised.
-.Pp
.Nm dnssec-signzone
may need random numbers in the process of signing the zone.
If the system does not have a
.Ar randomdev
as a source of random data.
.Pp
+The
+.Fl p
+option instructs
+.Nm dnssec-signkey
+to use pseudo-random data when signing the keys. This is faster, but
+less secure, than using genuinely random data for signing.
+This option may be useful when there are many child zone keysets to
+sign or if the entropy source is limited.
+It could also be used for short-lived keys and signatures that don't
+require as much protection against cryptanalysis, such as when the key
+will be discarded long before it could be compromised.
+.Pp
An option of
.Fl h
makes
projects / thirdparty / bind9.git / commitdiff
