It looks to me as if you are trying to generate a TSIG key for DNS updates. Try using "tsig-keygen" instead.
> -----Original Message-----
> From: bind-users [mailto:[hidden email]] On Behalf Of
> Sent: Monday, 2 March 2020 1:13 PM
> To: bind-users
> Subject: Bind 9.14 and bind-tools 9.16
> With my install of bind 9.14 bindtools 9.16.0 was also installed.
> This version is missing some (legacy) algorithms that I am still using on
> my system, specifically hmac-sha256
> dnssec-keygen [options] name
> Version: 9.16.0
> name: owner of the key
> -a <algorithm>:
> RSASHA1 | NSEC3RSASHA1 |
> RSASHA256 | RSASHA512 |
> ECDSAP256SHA256 | ECDSAP384SHA384 |
> ED25519 | ED448 | DH
> This is the only version of bind-tools in FreeBSD 12.1 AFAICT.
> I need to generate hmac-sha256 for lets encrypt/dehydrated (at least that
> is what the documentation says).
> dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST -K <KEYPATH> _acme-
> "Are you pondering what I'm pondering?"
> "I think so, Brain, but 'Snowball for Windows’?"
> Please visit
> https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/bind- > users__;!!N14HnBHF!v5sIUD50pNXv63eja8IZq6Nsp6hrn4TY2GnWaJB6TMF2WQNbTnrP1fC
> u0u1Snq24f4xJl5w$ to unsubscribe from this list
> bind-users mailing list
> [hidden email] > https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/bind- > users__;!!N14HnBHF!v5sIUD50pNXv63eja8IZq6Nsp6hrn4TY2GnWaJB6TMF2WQNbTnrP1fC