On Wed, 28 Feb 2018 18:57, andr...@andrewg.com said:

> Is there any support for using gpgsm as a certificate authority?

There is some basic support to create certificates:

   The format of the parameter file is described in the manual under
   "Unattended Usage".

   [...]

   This parameter file was used to create the STEED CA:
     Key-Type: RSA
     Key-Length: 1024
     Key-Grip: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
     Key-Usage: cert
     Serial: 1
     Name-DN: CN=The STEED Self-Signing Nonthority
     Not-Before: 2011-11-11
     Not-After: 2106-02-06
     Subject-Key-Id: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
     Extension: 2.5.29.19 c 30060101ff020101
     Extension: 1.3.6.1.4.1.11591.2.2.2 n 0101ff
     Signing-Key: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
     %commit

Here a Root CA certificate is created.  However, the Signing-Key
parameter is a generic feature and thus it can also be used to let this
CA sign another key.  What's missing in gpgsm are a parser for the CSR
and code to filter the values of a CSR into a new certificate.  The
parser can be quite easily added the other stuff needs some thinking.


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

Attachment: pgpAESnHaFLLb.pgp
Description: PGP signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to