curvedns-keygen creates a pair of CurveDNS public and private keys in
       the directory ./env used by tinydns, rbldns and/or walldns in their own
       environment setup by tinydns-conf, rbldns-conf and/or walldns-conf.

       The public key is given as file name uz5.....  including the
       hexadecimal public key as content.

       The private key is binary stored in CURVEDNS_PRIVATE_KEY.  This file is
       read by the respective servers to answer DNSCurve encrypted queries and
       replying to those guaranteeing the confidentiality of the exchanged DNS


       Upon call of curvedns-keygen both the public and the private key are
       generated, stored, and displayed together with their hexademcimal
       values on the console.  The last step can be avoided (for automatic
       generation) directing the output to /dev/null.  New keys require to
       remove the previous keys before, thus they are not overwritten.

       The file CURVEDNS_PRIVATE_KEY should be readable ONLY by the servers
       which can be achieved while generating those as root user.

       The public key uz5.....  needs to be delegated as your name server's
       primary hostname to the superior name server together with the server's
       IPv4 and/or IPv6 address (glue) in order to serve as 'trust anchor'.


       curvedns-keygen exits 0 in case the keys have been generated and 100 if
       errors during generation were encountered.  Error code indicate memory


       tinydns-conf(8), rbldns-conf(8), walldns-conf(8)

                                       8        djbdnscurve6:(curvedns-keygen)

Man(1) output converted with man2html