ddnnsssseecc--rreevvookkee reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now-revoked key.
-h Emit usage message and exit.
-K _d_i_r_e_c_t_o_r_y Sets the directory in which the key files are to reside.
-r After writing the new keyset files remove the original keyset files.
-v _l_e_v_e_l Sets the debugging level.
-E _e_n_g_i_n_e Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
-f Force overwrite: Causes ddnnsssseecc--rreevvookkee to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
ddnnsssseecc--kkeeyyggeenn(8), BIND 9 Administrator Reference Manual, RFC 5011.
Internet Systems Consortium