dnst keygen list of algorithms and option to specify key size hard to find. #98
Description
$ dnst keygen -h
Generate a new key pair for a given domain name
Usage: dnst keygen [OPTIONS] --algorithm <algorithm> <domain>
Arguments:
<domain> The domain name to generate a key for
Options:
-a, --algorithm <algorithm> The signature algorithm to generate for
-k Generate a key signing key instead of a zone signing key
-s, --symlink[=<how>] Whether to create symlinks [default: no] [possible values: no, yes, force]
-h, --help Print help (see more with '--help')
Based on this one might ask which algorithms are supported (as -a list only works in LDNS emulation mode, not in DNST mode) or how do I specify an RSA key length.
It is possible to learn how to do both, but only from the long help:
$ dnst keygen --help
...
Options:
-a, --algorithm <algorithm>
The signature algorithm to generate for
Possible values:
- RSASHA256[:<bits>]: An RSA SHA-256 key (algorithm 8) of the given size (default 2048)
- ECDSAP256SHA256: An ECDSA P-256 SHA-256 key (algorithm 13)
- ECDSAP384SHA384: An ECDSA P-384 SHA-384 key (algorithm 14)
- ED25519: An Ed25519 key (algorithm 15)
- ED448: An Ed448 key (algorithm 16)
...
Maybe the -h output could direct users to --help to learn about the available algorithms and how to specify key size?