From 5cdad8ff000152b4bd01953646bb87fe8703c70d Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 6 Dec 2011 19:57:27 +0100 Subject: gpgsm: Allow arbitrary extensions for cert creation. * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New. (read_parameters): Add new keywords. (proc_parameters): Check values of new keywords. (create_request): Add SubjectKeyId and extensions. (parse_parameter_usage): Support "cert" and the encrypt alias "encr". --- doc/DETAILS | 1 + 1 file changed, 1 insertion(+) (limited to 'doc/DETAILS') diff --git a/doc/DETAILS b/doc/DETAILS index 543ae4d96..2e6874e9a 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -1036,6 +1036,7 @@ OIDs below the GnuPG arc: 1.3.6.1.4.1.11591.2.1.1 pkaAddress 1.3.6.1.4.1.11591.2.2 X.509 extensions 1.3.6.1.4.1.11591.2.2.1 standaloneCertificate + 1.3.6.1.4.1.11591.2.2.2 wellKnownPrivateKey 1.3.6.1.4.1.11591.2.12242973 invalid encoded OID -- cgit v1.2.3 From 8a12a2000d82acfa881e8c18d028290100bf5e43 Mon Sep 17 00:00:00 2001 
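Review bot: the ChangeLog-style commit message lists only sm/certreqgen.c changes, but the hunk at @@ -1036,6 +1036,7 @@ registers a new OID, `1.3.6.1.4.1.11591.2.2.2 wellKnownPrivateKey`, under the GnuPG X.509 extensions arc without a corresponding entry; add a line such as `* doc/DETAILS: Register OID for the wellKnownPrivateKey extension.` so the OID allocation is traceable from the log. The table also gives no hint of what the extension asserts, unlike the sibling entries whose names are self-explanatory; a short parenthetical in doc/DETAILS saying that a certificate carrying it declares its own private key to be public knowledge (and so its signatures carry no authentication value, which matters for chain validation code deciding whether to honour it) would save implementers from guessing at the semantics from the name alone.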
From: Werner Koch Date: Wed, 7 Dec 2011 16:15:15 +0100 Subject: gpgsm: Add new validation model "steed". * sm/gpgsm.h (VALIDATE_FLAG_STEED): New. * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed". * sm/server.c (option_handler): Allow validation model "steed". * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New. * sm/certchain.c (do_validate_chain): Handle the well-known-private-key attribute. Support the "steed" model. (gpgsm_validate_chain): Ditto. * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line. * sm/keylist.c (list_cert_colon): Print the new 'w' flag. -- This is the first part of changes to implement the STEED proposal as described at http://g10code.com/steed.html . The idea for X.509 is not to use plain self-signed certificates but certificates signed by a dummy CA (i.e. one for which the private key is known). Having a single CA as an indication for the use of STEED might help other X.509 implementations to implement STEED. --- doc/DETAILS | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc/DETAILS') diff --git a/doc/DETAILS b/doc/DETAILS index 2e6874e9a..ddf7438f5 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -58,6 +58,10 @@ record; gpg2 does this by default and the option is a dummy. u = The key is ultimately valid. This often means that the secret key is available, but any key may be marked as ultimately valid. + w = The key has a well known private part. + s = The key has special validity. This means that it + might be self-signed and expected to be used in + the STEED sytem. If the validity information is given for a UID or UAT record, it describes the validity calculated based on this @@ -347,6 +351,7 @@ more arguments in future versions. "pgp" for the standard PGP WoT. "shell" for the standard X.509 model. "chain" for the chain model. + "steed" for the STEED model. Note that we use the term "TRUST_" in the status names for historic reasons; we now speak of validity. -- cgit v1.2.3
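Review bot: in the hunk at @@ -58,6 +58,10 @@ the added line `+ the STEED sytem.` misspells "system"; please fix before merge since doc/DETAILS is the interface contract that status-line parsers are written against. The new `w` flag text ("The key has a well known private part.") documents the fact but not its consequence: a key whose private part is public cannot authenticate anything, so the validity field should state explicitly that `w` never implies the key may be used as a trust anchor or that a signature from it identifies anyone, otherwise a front end that maps unfamiliar letters to "valid" will misreport it. The `s` description ("might be self-signed and expected to be used in the STEED sytem") is likewise vague about when exactly `s` rather than `u`/`f` is emitted; tie it to the `VALIDATE_FLAG_STEED` behaviour named in the commit message (for instance, "emitted only when the steed validation model is active and the chain ends in the dummy STEED CA").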
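Review bot: the hunk at @@ -347,6 +351,7 @@ adds `"steed" for the STEED model.` to the list of validation-model values in the TRUST_ status lines, but the commit message's ChangeLog block does not mention doc/DETAILS at all; add `* doc/DETAILS: Document the "steed" validation model and the new 'w' and 's' validity flags.` so the documented status-line change is visible in the log. Since the surrounding text warns that "more arguments in future versions" may appear, consider also stating here that a TRUST_* line reporting the "steed" model reflects validity under a CA whose private key is public (as the commit message explains), so consumers can treat it as a distinct, weaker class of result rather than equating it with "shell" or "chain".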