On Wed, 28 Feb 2018 18:57, andr...@andrewg.com said: > Is there any support for using gpgsm as a certificate authority?
There is some basic support to create certificates:
The format of the parameter file is described in the manual under
"Unattended Usage".
[...]
This parameter file was used to create the STEED CA:
Key-Type: RSA
Key-Length: 1024
Key-Grip: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
Key-Usage: cert
Serial: 1
Name-DN: CN=The STEED Self-Signing Nonthority
Not-Before: 2011-11-11
Not-After: 2106-02-06
Subject-Key-Id: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
Extension: 2.5.29.19 c 30060101ff020101
Extension: 1.3.6.1.4.1.11591.2.2.2 n 0101ff
Signing-Key: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
%commit
Here a Root CA certificate is created. However, the Signing-Key
parameter is a generic feature and thus it can also be used to let this
CA sign another key. What's missing in gpgsm are a parser for the CSR
and code to filter the values of a CSR into a new certificate. The
parser can be quite easily added the other stuff needs some thinking.
Salam-Shalom,
Werner
--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpAESnHaFLLb.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
