authorWerner Koch <[email protected]>2011-03-01 13:42:56 +0000
committerWerner Koch <[email protected]>2011-03-01 13:42:56 +0000
commit28c157b55cf6db6b6988def5c9512e388c512b10 (patch)
tree53b86eee5a2f3cfc131f4df068477b32076aae88 /sm/certreqgen-ui.c
parentUpdate some M4 files and AUTHORS. (diff)
Support X.509 certificate creation.
Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt. Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is Key-Type: RSA Key-Length: 1024 Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA Key-Usage: sign, encrypt Serial: random Name-DN: CN=some test key Name-Email: [email protected] Name-Email: [email protected] Hash-Algo: SHA384 not-after: 2038-01-16 12:44 This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreqgen.c for details.
Diffstat (limited to '')
-rw-r--r--sm/certreqgen-ui.c34
1 files changed, 24 insertions, 10 deletions
diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c
index 526a182bb..b5b421965 100644
--- a/sm/certreqgen-ui.c
+++ b/sm/certreqgen-ui.c
@@ -1,5 +1,5 @@
/* certreqgen-ui.c - Simple user interface for certreqgen.c
- * Copyright (C) 2007, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2007, 2010, 2011 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -145,6 +145,7 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream)
char *result = NULL;
int i;
const char *s, *s2;
+ int selfsigned;
answer = NULL;
init_membuf (&mb_email, 100);
@@ -346,6 +347,11 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream)
ask_mb_lines (&mb_email, "Name-URI: ");
+ /* Want a self-signed certificate? */
+ selfsigned = tty_get_answer_is_yes
+ (_("Create self-signed certificate? (y/N) "));
+
+
/* Put it all together. */
store_key_value_lf (&mb_result, "Key-Type: ", keytype);
{
@@ -353,10 +359,12 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream)
snprintf (numbuf, sizeof numbuf, "%u", nbits);
store_key_value_lf (&mb_result, "Key-Length: ", numbuf);
}
- store_key_value_lf (&mb_result, "Key-Usage: ", keyusage);
- store_key_value_lf (&mb_result, "Name-DN: ", subject_name);
if (keygrip)
store_key_value_lf (&mb_result, "Key-Grip: ", keygrip);
+ store_key_value_lf (&mb_result, "Key-Usage: ", keyusage);
+ if (selfsigned)
+ store_key_value_lf (&mb_result, "Serial: ", "random");
+ store_key_value_lf (&mb_result, "Name-DN: ", subject_name);
if (store_mb_lines (&mb_result, &mb_email))
goto mem_error;
if (store_mb_lines (&mb_result, &mb_dns))
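Review bot: The `if (selfsigned)` branch that stores `Serial: random` carries no comment, although it appears to be the only generated line that turns the request into a self-signed certificate (inferred from the commit description; the parser in certreqgen.c is not shown here). A comment above the branch such as `/* A Serial line asks certreqgen.c for a self-signed certificate instead of a request. */` would make that switch visible to the next reader. No Hash-Algo or not-after line is stored in the visible lines, so the hash algorithm and validity period presumably come from defaults elsewhere, which is worth stating in the same comment once confirmed. gpgsm_gencertreq_tty starts and ends outside this hunk.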
@@ -368,14 +376,13 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream)
if (!result)
goto mem_error;
- tty_printf (_("Parameters to be used for the certificate request:\n"));
+ tty_printf (_("These parameters are used:\n"));
for (s=result; (s2 = strchr (s, '\n')); s = s2+1, i++)
tty_printf (" %.*s\n", (int)(s2-s), s);
tty_printf ("\n");
-
- if (!tty_get_answer_is_yes ("Really create request? (y/N) "))
- goto leave;
+ if (!tty_get_answer_is_yes ("Proceed with creation? (y/N) "))
+ goto leave;
/* Now create a parameter file and generate the key. */
fp = es_fopenmem (0, "w+");
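Review bot: The confirmation prompt `"Proceed with creation? (y/N) "` is passed untranslated, while the prompt this commit adds for the self-signed question is wrapped in `_()`; `if (!tty_get_answer_is_yes (_("Proceed with creation? (y/N) ")))` would be consistent. The new heading `"These parameters are used:\n"` and the new prompt also no longer name what is about to be created, so at confirmation time the only cue that a self-signed certificate rather than a request will be produced is the `Serial: random` line in the listing. Choosing the heading by `selfsigned`, as a later hunk does for the "Ready." message, would make the confirmation unambiguous. The function body continues outside this hunk.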
@@ -386,8 +393,9 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream)
}
es_fputs (result, fp);
es_rewind (fp);
- tty_printf (_("Now creating certificate request. "
- "This may take a while ...\n"));
+ tty_printf (_("Now creating %s. "
+ "This may take a while ...\n"),
+ selfsigned?_("self-signed certificate"):_("certificate request"));
{
int save_pem = ctrl->create_pem;
ctrl->create_pem = 1; /* Force creation of PEM. */
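Review bot: The progress message `_("Now creating %s. " ...)` is built by substituting one translated fragment into another translated sentence, which translators cannot inflect correctly in many languages. Two complete strings selected by `selfsigned` would avoid that and would match the if/else this same commit uses for the "Ready." messages. The block that saves and restores `ctrl->create_pem` runs past the end of this hunk.

```c
  es_rewind (fp);
  if (selfsigned)
    tty_printf (_("Now creating self-signed certificate. "
                  "This may take a while ...\n"));
  else
    tty_printf (_("Now creating certificate request. "
                  "This may take a while ...\n"));
  /* … unchanged: forced PEM output around the generation call … */
```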
@@ -395,7 +403,13 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream)
ctrl->create_pem = save_pem;
}
if (!err)
- tty_printf (_("Ready. You should now send this request to your CA.\n"));
+ {
+ if (selfsigned)
+ tty_printf (_("Ready.\n"));
+ else
+ tty_printf
+ (_("Ready. You should now send this request to your CA.\n"));
+ }
goto leave;