diff --git a/README.md b/README.md index 23ef9ab..3ec2ee0 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ the command has three modes: - **Reset PKCS#11 Keys** `dns-tools reset-pkcs11-keys` Deletes all the keys from the HSM. Is a very dangerous command. It uses some parameters from `sign`, as `-p`, `-l` and `-k`. - **Sign** allows to sign a zone. Its common parameters are: - - `--create-keys (-c)` creates the keys if they doesn't exist. + - `--create-keys (-c)` creates the keys if they do not exist. If they exist, they are overwritten. - `--rrsig-expiration-date (-E)` Allows to use a specific expiration date for RRSIG signatures. It can be overrided by --rrsig-duration. - `--rrsig-duration (-D)` Allows to use a expiration date for RRSIG signatures relative to current time. It overrides --rrsig-expiration-date. Default value is empty. - `--verify-threshold-date (-t)` Exact date it needs to be before a signature expiration to be considered as expired by the verifier. It is ignored if --verify-threshold-duration is set. Default is tomorrow. diff --git a/cmd/sign.go b/cmd/sign.go index 4fdfec4..53be76b 100644 --- a/cmd/sign.go +++ b/cmd/sign.go @@ -22,7 +22,7 @@ func init() { signCmd.PersistentFlags().StringP("file", "f", "", "Full path to zone file to be signed.") signCmd.PersistentFlags().StringP("zone", "z", "", "Origin zone name. If it is not specified, $ORIGIN inside the file will be used as this value.") signCmd.PersistentFlags().StringP("output", "o", "", "Output for the signed zone file. By default is based on zone file name, with \"-signed\" at the end of the name and before the extension") - signCmd.PersistentFlags().BoolP("create-keys", "c", false, "Creates a new pair of keys, outdating all valid keys.") + signCmd.PersistentFlags().BoolP("create-keys", "c", false, "Creates a new pair of keys, deleting all previously valid keys.") signCmd.PersistentFlags().StringP("sign-algorithm", "a", "rsa", "Algorithm used in signing.") signCmd.PersistentFlags().BoolP("nsec3", "3", false, "Use NSEC3 instead of NSEC.") signCmd.PersistentFlags().BoolP("opt-out", "x", false, "Use NSEC3 with opt-out.")