Dear sirs and ladies

isp_stream ipstream at onionmail.org
Sat Aug 26 10:32:24 CEST 2023


You are a very helpful person. Thank you sir.



> On Thursday, 24. August 2023 9:54, Werner Koch via Gnupg-users
> <gnupg-users at gnupg.org> wrote:
> 
> 
> 
> On Thu, 24 Aug 2023 06:07, Stuart Longland said:
> 
> > No, you need `openssl` for that.
> 
> Actually you can do that as well with GnuPG.
> 
> gpgsm --gen-key
> 
> creates either a CSR or a self-signed cert. You can build a CA with it.
> This requires a parameter file. For example create a file
> wiki.example.org.parm:
> 
> --8<---------------cut here---------------start------------->8---
> Key-Type: RSA
> Key-Length: 2048
> Key-Usage: sign, encrypt
> Name-DN: CN=wiki,O=example,C=org
> Name-DNS: wiki.example.org
> Serial: random
> Issuer-DN: CN=MY-ROOT-CA,O=example,C=DE
> Signing-Key: 184977136DA4D5C90C202F22E3812012ABCD7174
> --8<---------------cut here---------------end--------------->8---
> 
> The signing key is the keygrip of the ROOT-CA.
> 
> Now run
> 
> gpgsm --gen-key --batch -a -o wiki.example.org.pem wiki.example.org.parm
> 
> (usually you won't use a passphrase) and then run
> 
> gpgsm --import wiki.example.org.pem
> 
> To export the private key you may use
> 
> gpgsm --export-secret-key-raw -a wiki.example.org > wiki.example.org-key.pem
> 
> All from memory - I should write a proper HOWTO. We use this for all
> internal certificates here in the company with the ROOT-CA's key stored
> on a smartcard.
> 
> Salam-Shalom,
> 
> Werner
> 
> --
> The pioneers of a warless world are the youth that
> refuse military service. - A. Einstein
> 
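Added example (not part of the original message and not GnuPG code): a small Python check to run on a gpgsm parameter file like the one quoted above before passing it to `gpgsm --gen-key --batch`. It reports whether the file asks for a CSR, a self-signed certificate or a CA-issued one, on the assumption (from the gpgsm manual) that a `Serial:` line is what switches the output from CSR to certificate; the function names and the 2048-bit minimum are this example's own choices.

```python
import re

# The parameter file quoted in the message above.
SAMPLE = """Key-Type: RSA
Key-Length: 2048
Key-Usage: sign, encrypt
Name-DN: CN=wiki,O=example,C=org
Name-DNS: wiki.example.org
Serial: random
Issuer-DN: CN=MY-ROOT-CA,O=example,C=DE
Signing-Key: 184977136DA4D5C90C202F22E3812012ABCD7174
"""
ALLOWED_USAGE = {"sign", "encrypt", "cert"}

def parse_parm(text):
    # Returns [(keyword, value)]; skips blanks, '#' comments and '%' control lines.
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#%":
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a 'Keyword: value' line: {raw!r}")
        pairs.append((key.strip().lower(), value.strip()))
    return pairs

def check_parm(text):
    # Returns (kind, problems); kind is 'csr', 'self-signed' or 'ca-issued'.
    pairs = parse_parm(text)
    p, problems = dict(pairs), []
    if not pairs or pairs[0][0] != "key-type":
        problems.append("Key-Type must be the first parameter")
    bad = set(re.split(r"[,\s]+", p.get("key-usage", "").lower())) - ALLOWED_USAGE - {""}
    if bad:
        problems.append(f"unknown Key-Usage value(s): {sorted(bad)}")
    klen = p.get("key-length")
    if klen is not None and not (klen.isdigit() and int(klen) >= 2048):
        problems.append("Key-Length below 2048 bits")  # example policy
    grip = p.get("signing-key")
    if grip is not None and not re.fullmatch(r"[0-9A-Fa-f]{40}", grip):
        problems.append("Signing-Key is not a 40-hex-digit keygrip")
    if "serial" not in p:
        return "csr", problems
    if ("issuer-dn" in p) != (grip is not None):
        # Issuer name and signing key would not belong to the same CA.
        problems.append("Issuer-DN and Signing-Key should be given together")
    kind = "ca-issued" if grip and "issuer-dn" in p else "self-signed"
    return kind, problems
```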
