From 28c157b55cf6db6b6988def5c9512e388c512b10 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 1 Mar 2011 14:42:56 +0100 Subject: Support X.509 certificate creation. Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt. Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is Key-Type: RSA Key-Length: 1024 Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA Key-Usage: sign, encrypt Serial: random Name-DN: CN=some test key Name-Email: foo@example.org Name-Email: bar@exmaple.org Hash-Algo: SHA384 not-after: 2038-01-16 12:44 This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreggen.c for details. --- doc/DETAILS | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/DETAILS b/doc/DETAILS index 8998d875e..587092757 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -793,7 +793,8 @@ Unattended key generation This feature allows unattended generation of keys controlled by a parameter file. To use this feature, you use --gen-key together with --batch and feed the parameters either from stdin or from a file given -on the commandline. +on the commandline. The description below is only for GPG; GPGSM has +a similar feature, see the file sm/certreqgen.c for a description. The format of this file is as follows: o Text only, line length is limited to about 1000 chars. @@ -1220,6 +1221,8 @@ OIDs below the GnuPG arc: 1.3.6.1.4.1.11591.2 GnuPG 1.3.6.1.4.1.11591.2.1 notation 1.3.6.1.4.1.11591.2.1.1 pkaAddress + 1.3.6.1.4.1.11591.2.2 X.509 extensions + 1.3.6.1.4.1.11591.2.2.1 standaloneCertificate 1.3.6.1.4.1.11591.2.12242973 invalid encoded OID -- cgit v1.2.3