Support X.509 certificate creation.
authorWerner Koch <wk@gnupg.org>
Tue, 1 Mar 2011 13:42:56 +0000 (14:42 +0100)
committerWerner Koch <wk@gnupg.org>
Tue, 1 Mar 2011 13:42:56 +0000 (14:42 +0100)
commit28c157b55cf6db6b6988def5c9512e388c512b10
tree53b86eee5a2f3cfc131f4df068477b32076aae88
parentbb6d1b48f61d483fc75a17b4d140c489afe43ef0
Support X.509 certificate creation.

Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.

Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file.  An example parameter file
is

    Key-Type: RSA
    Key-Length: 1024
    Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
    Key-Usage: sign, encrypt
    Serial: random
    Name-DN: CN=some test key
    Name-Email: foo@example.org
    Name-Email: bar@exmaple.org
    Hash-Algo: SHA384
    not-after: 2038-01-16 12:44

This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm.  The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.
NEWS
doc/DETAILS
sm/ChangeLog
sm/certreqgen-ui.c
sm/certreqgen.c
sm/gpgsm.h
sm/keylist.c
sm/misc.c