author Werner Koch <[email protected]> 2011-03-01 13:42:56 +0000
committer Werner Koch <[email protected]> 2011-03-01 13:42:56 +0000
commit 28c157b55cf6db6b6988def5c9512e388c512b10
tree 53b86eee5a2f3cfc131f4df068477b32076aae88 /doc/DETAILS
parent Update some M4 files and AUTHORS.
Support X.509 certificate creation.

Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.

Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file. An example parameter file
is

  Key-Type: RSA
  Key-Length: 1024
  Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
  Key-Usage: sign, encrypt
  Serial: random
  Name-DN: CN=some test key
  Name-Email: [email protected]
  Name-Email: [email protected]
  Hash-Algo: SHA384
  not-after: 2038-01-16 12:44

This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm. The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.

Diffstat (limited to 'doc/DETAILS')
-rw-r--r-- doc/DETAILS 5
1 files changed, 4 insertions, 1 deletions
diff --git a/doc/DETAILS b/doc/DETAILS
index 8998d875e..587092757 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -793,7 +793,8 @@ Unattended key generation
This feature allows unattended generation of keys controlled by a
parameter file. To use this feature, you use --gen-key together with
--batch and feed the parameters either from stdin or from a file given
-on the commandline.
+on the commandline. The description below is only for GPG; GPGSM has
+a similar feature, see the file sm/certreqgen.c for a description.
The format of this file is as follows:
o Text only, line length is limited to about 1000 chars.
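Review bot: The added sentence ending "see the file sm/certreqgen.c for a description" sends readers of doc/DETAILS to a C source file for the GPGSM parameter format, which does not help someone who has only the installed documentation. Consider describing the GPGSM keywords here or in the manual (the commit message already shows Key-Grip, Serial, Name-DN, Hash-Algo, not-after and signing-key) and keeping the source reference as a secondary pointer. The file name also differs from the commit message, which spells it sm/certreggen.c, so one of the two is a typo.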
@@ -1220,6 +1221,8 @@ OIDs below the GnuPG arc:
1.3.6.1.4.1.11591.2 GnuPG
1.3.6.1.4.1.11591.2.1 notation
1.3.6.1.4.1.11591.2.1.1 pkaAddress
+ 1.3.6.1.4.1.11591.2.2 X.509 extensions
+ 1.3.6.1.4.1.11591.2.2.1 standaloneCertificate
1.3.6.1.4.1.11591.2.12242973 invalid encoded OID
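Review bot: The two added entries, 1.3.6.1.4.1.11591.2.2 "X.509 extensions" and 1.3.6.1.4.1.11591.2.2.1 "standaloneCertificate", are registered by name only, and neither this hunk nor the commit message says what the standaloneCertificate extension asserts, when gpgsm adds it, or whether it is marked critical. A verifier that meets this OID in a certificate has to decide how to treat it, so a one-line description next to the entry, or a pointer to where the extension is defined, would make the registry usable on its own.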