gpgsm as a CA

Werner Koch wk at
Wed Feb 28 21:08:18 CET 2018

On Wed, 28 Feb 2018 18:57, andrewg at said:

> Is there any support for using gpgsm as a certificate authority?

There is some basic support to create certificates:

   The format of the parameter file is described in the manual under
   "Unattended Usage".


   This parameter file was used to create the STEED CA:
     Key-Type: RSA
     Key-Length: 1024
     Key-Grip: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
     Key-Usage: cert
     Serial: 1
     Name-DN: CN=The STEED Self-Signing Nonthority
     Not-Before: 2011-11-11
     Not-After: 2106-02-06
     Subject-Key-Id: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
     Extension: c 30060101ff020101
     Extension: n 0101ff
     Signing-Key: 68A638998DFABAC510EA645CE34F9686B2EDF7EA

Here a Root CA certificate is created.  However, the Signing-Key
parameter is a generic feature and thus it can also be used to let this
CA sign another key.  What's missing in gpgsm are a parser for the CSR
and code to filter the values of a CSR into a new certificate.  The
parser can be quite easily added; the other stuff needs some thinking.



#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are regulated by a federal law.
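
Added example, not part of the original message or of GnuPG: Python code that decodes the hex DER values on the Extension lines of the quoted parameter file and checks that Signing-Key equals Key-Grip, which is what makes this certificate self-signed. Reading the `c`/`n` flag as critical/non-critical follows the gpgsm manual; the first value has the shape of a basicConstraints body (cA TRUE, path length 1), but the page shows no extension OIDs, so that interpretation is an assumption.

```python
# Lines copied from the parameter file quoted in the message above.
PARAMS = """\
Key-Grip: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
Serial: 1
Extension: c 30060101ff020101
Extension: n 0101ff
Signing-Key: 68A638998DFABAC510EA645CE34F9686B2EDF7EA
"""

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one short-form DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:  # long-form lengths do not occur in these short values
        raise ValueError("long-form DER length not handled here")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos + 2:end], end

def decode(buf):
    """Decode a BOOLEAN, INTEGER or SEQUENCE into a Python value."""
    tag, value, end = read_tlv(buf)
    if end != len(buf):
        raise ValueError("trailing bytes after DER element")
    if tag == 0x01 and len(value) == 1:   # BOOLEAN
        return value != b"\x00"
    if tag == 0x02:                       # INTEGER
        return int.from_bytes(value, "big", signed=True)
    if tag == 0x30:                       # SEQUENCE: decode each member
        items, pos = [], 0
        while pos < len(value):
            _, _, nxt = read_tlv(value, pos)
            items.append(decode(value[pos:nxt]))
            pos = nxt
        return items
    raise ValueError(f"unsupported tag 0x{tag:02x}")

def inspect(params):
    """Return (self_signed, [(critical, decoded_value), ...])."""
    fields, exts = {}, []
    for line in params.splitlines():
        key, _, val = line.partition(":")
        if key == "Extension":
            # Last two tokens are flag and hex, so a leading OID is tolerated.
            *_, flag, hexval = val.split()
            exts.append((flag == "c", decode(bytes.fromhex(hexval))))
        else:
            fields[key] = val.strip()
    return fields["Signing-Key"] == fields["Key-Grip"], exts
```

`inspect(PARAMS)` reports a self-signed certificate whose critical extension decodes to `[True, 1]` and whose non-critical extension decodes to `True`.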

More information about the Gnupg-users mailing list