From: Matt Nordhoff <mnordhoff@mattnordhoff.com>
Date: Tue, 13 Nov 2018 13:54:50 +0000 (+0000)
Subject: pdnsutil.1 and settings: Add ed448, and remove way-old algorithms
X-Git-Tag: auth-4.2.0-alpha1~46^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=37356d71d06d6f57d6a3de13772f3b37f16db672;p=pdns

pdnsutil.1 and settings: Add ed448, and remove way-old algorithms
---

diff --git a/docs/manpages/pdnsutil.1.rst b/docs/manpages/pdnsutil.1.rst
index 7af7fd7a0..1d1fcbf2a 100644
--- a/docs/manpages/pdnsutil.1.rst
+++ b/docs/manpages/pdnsutil.1.rst
@@ -40,7 +40,6 @@ algorithms are supported:
 -  rsasha1
 -  rsasha256
 -  rsasha512
--  gost
 -  ecdsa256
 -  ecdsa384
 -  ed25519
@@ -72,8 +71,8 @@ generate-zone-key {**KSK**,\ **ZSK**} [*ALGORITHM*] [*KEYBITS*]
     and print it on STDOUT. If *ALGORITHM* is not set, RSASHA512 is
     used. If *KEYBITS* is not set, an appropriate keysize is selected
     for *ALGORITHM*. Each ECC-based algorithm supports only one valid
-    *KEYBITS* value: For GOST, ECDSA256, and ED25519, it is 256; for
-    ECDSA384, it is 384; and for ED448, it is 456.
+    *KEYBITS* value: For ECDSA256 and ED25519, it is 256; for ECDSA384,
+    it is 384; and for ED448, it is 456.
 import-zone-key *ZONE* *FILE* {**KSK**,\ **ZSK**}
     Import from *FILE* a full (private) key for zone called *ZONE*. The
     format used is compatible with BIND and NSD/LDNS. **KSK** or **ZSK**
diff --git a/docs/settings.rst b/docs/settings.rst
index 84b2e8685..548b25d94 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -288,10 +288,6 @@ The algorithm that should be used for the KSK when running
 :doc:`pdnsutil secure-zone <manpages/pdnsutil.1>` or using the :doc:`Zone API endpoint <http-api/cryptokey>`
 to enable DNSSEC. Must be one of:
 
-* rsamd5
-* dh
-* dsa
-* ecc
 * rsasha1
 * rsasha256
 * rsasha512
@@ -299,6 +295,7 @@ to enable DNSSEC. Must be one of:
 * ecdsa256 (ECDSA P-256 with SHA256)
 * ecdsa384 (ECDSA P-384 with SHA384)
 * ed25519
+* ed448
 
 .. note::
   Actual supported algorithms depend on the crypto-libraries
@@ -384,10 +381,6 @@ The algorithm that should be used for the ZSK when running
 :doc:`pdnsutil secure-zone <manpages/pdnsutil.1>` or using the :doc:`Zone API endpoint <http-api/cryptokey>`
 to enable DNSSEC. Must be one of:
 
-* rsamd5
-* dh
-* dsa
-* ecc
 * rsasha1
 * rsasha256
 * rsasha512
@@ -395,6 +388,7 @@ to enable DNSSEC. Must be one of:
 * ecdsa256 (ECDSA P-256 with SHA256)
 * ecdsa384 (ECDSA P-384 with SHA384)
 * ed25519
+* ed448
 
 .. note::
   Actual supported algorithms depend on the crypto-libraries