It seems you have found a bug. That option although documented was not implemented. You can work around that by using: key_purpose_oid = 1.3.6.1.5.5.7.3.4
regards, Nikos On Thu, May 4, 2017 at 7:45 PM, Yan Fiz <[email protected]> wrote: > I get "Warning: skipping unknown option 'email_protection_key'" error while > use 'email_protection_key' purpose that in mentioned > http://gnutls.org/manual/html_node/certtool-Invocation.html. > > certtool 3.5.11 > > Example ; > > $ cat authority.cfg > cn=Authority > ca > path_len=0 > cert_signing_key > crl_signing_key > expiration_days=365 > > $ cat user.cfg > cn=User > signing_key > non_repudiation > encryption_key > email_protection_key > expiration_days=365 > > $ certtool --generate-privkey --rsa --bits 2048 --outfile authority.p8 > $ certtool --generate-privkey --rsa --bits 2048 --outfile user.p8 > $ certtool --generate-self-signed --hash sha512 --load-privkey authority.p8 > --outfile authority.crt --template authority.cfg > $ certtool --generate-request --hash sha512 --load-privkey user.p8 --outfile > user.p10 --template user.cfg > Warning: skipping unknown option 'email_protection_key' > > _______________________________________________ > Gnutls-help mailing list > [email protected] > http://lists.gnupg.org/mailman/listinfo/gnutls-help _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
