Support X.509 certificate creation.

Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt. Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is Key-Type: RSA Key-Length: 1024 Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA Key-Usage: sign, encrypt Serial: random Name-DN: CN=some test key Name-Email: foo@example.org Name-Email: bar@exmaple.org Hash-Algo: SHA384 not-after: 2038-01-16 12:44 This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreggen.c for details.
2025-07-03 22:56:33 +02:00 · 2011-03-01 14:42:56 +01:00 · 2011-03-01 14:42:56 +01:00 · 28c157b55c
commit 28c157b55c
parent bb6d1b48f6
8 changed files with 615 additions and 81 deletions
--- a/4
+++ b/4
@ -19,9 +19,13 @@ Noteworthy changes in version 2.1.0beta2 (unreleased)

 * Dirmngr has taken over the function of the keyserver helpers.  Thus
   we now have a specified direct interface to keyservers via Dirmngr.
+   LDAP, DNS and mail backends are not yet implemented.

 * ECC support for GPG as described by draft-jivsov-openpgp-ecc-06.txt.

+ * New GPGSM feature to create certificates from a parameter file.
+   Add prompt to the --gen-key UI to create self-signed certificates.
+

 Noteworthy changes in version 2.1.0beta1 (2010-10-26)
 -----------------------------------------------------