gpgsm as a CA
Werner Koch
wk at gnupg.org
Wed Feb 28 21:08:18 CET 2018
On Wed, 28 Feb 2018 18:57, andrewg at andrewg.com said:
> Is there any support for using gpgsm as a certificate authority?
There is some basic support to create certificates:
The format of the parameter file is described in the manual under
"Unattended Usage".
[...]
This parameter file was used to create the STEED CA:
Key-Type: RSA
Key-Length: 1024
Key-Grip: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
Key-Usage: cert
Serial: 1
Name-DN: CN=The STEED Self-Signing Nonthority
Not-Before: 2011-11-11
Not-After: 2106-02-06
Subject-Key-Id: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
Extension: 2.5.29.19 c 30060101ff020101
Extension: 1.3.6.1.4.1.11591.2.2.2 n 0101ff
Signing-Key: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
%commit
Here a Root CA certificate is created. However, the Signing-Key
parameter is a generic feature and thus it can also be used to let this
CA sign another key. What's missing in gpgsm are a parser for the CSR
and code to filter the values of a CSR into a new certificate. The
parser can be quite easily added; the other stuff needs some thinking.
Salam-Shalom,
Werner
--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Thoughts are free. Exceptions are regulated by a federal law.
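Added example (not part of the original message and not GnuPG code): a small decoder for the two Extension lines of the parameter file above, to check what the CA certificate will assert before it is generated. It assumes the Extension syntax is "OID, c or n for critical/non-critical, hex DER value"; 2.5.29.19 is the basicConstraints OID, and the function names are hypothetical.

```python
# Added example: the PARAMS lines are copied from the parameter file in the message.
PARAMS = ("Extension: 2.5.29.19 c 30060101ff020101\n"
          "Extension: 1.3.6.1.4.1.11591.2.2.2 n 0101ff\n")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one short-form DER element."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated header or long-form length (not handled here)")
    tag, length = buf[pos], buf[pos + 1]
    if pos + 2 + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def decode(buf):
    """Decode DER built from SEQUENCE, BOOLEAN and INTEGER into Python values."""
    tag, val, end = read_tlv(buf, 0)
    if end != len(buf):
        raise ValueError("trailing bytes after element")
    if tag == 0x01 and len(val) == 1:      # BOOLEAN
        return val[0] != 0
    if tag == 0x02 and val:                # INTEGER
        return int.from_bytes(val, "big", signed=True)
    if tag == 0x30:                        # SEQUENCE: decode each member in turn
        items, pos = [], 0
        while pos < len(val):
            nxt = read_tlv(val, pos)[2]
            items.append(decode(val[pos:nxt]))
            pos = nxt
        return items
    raise ValueError(f"unsupported tag 0x{tag:02x}")

def extensions(text):
    """Return [(oid, critical, decoded_value)] for every Extension line."""
    out = []
    for line in text.splitlines():
        key, _, rest = line.partition(":")
        if key.strip() == "Extension":
            oid, flag, hexval = rest.split()
            out.append((oid, flag == "c", decode(bytes.fromhex(hexval))))
    return out

def basic_constraints(text):
    """Return (is_ca, path_len, critical) from extension 2.5.29.19, else None."""
    for oid, critical, value in extensions(text):
        if oid == "2.5.29.19" and isinstance(value, list):
            path_len = next((v for v in value if type(v) is int), None)
            return (bool(value) and value[0] is True, path_len, critical)
    return None
```

For the file above, basic_constraints(PARAMS) reports a critical basicConstraints extension with cA set and a path length of 1, so the root may sign one level of subordinate CAs.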