Dear sirs and ladies
isp_stream
ipstream at onionmail.org
Sat Aug 26 10:32:24 CEST 2023
You are a very helpful person. Thank you sir.
> On Thursday, 24. August 2023 9:54, Werner Koch via Gnupg-users
> [/webmail/send?to=gnupg-users at gnupg.org] wrote:
>
>
>
> On Thu, 24 Aug 2023 06:07, Stuart Longland said:
>
> > No, you need `openssl` for that.
>
> Actually you can do that as well with GnuPG.
>
> gpgsm --gen-key
>
> creates either a CSR or a self-signed cert. You can build a CA with it.
> This requires a parameter file. For example create a file
> wiki.example.org.parm:
>
> --8<---------------cut here---------------start------------->8---
> Key-Type: RSA
> Key-Length: 2048
> Key-Usage: sign, encrypt
> Name-DN: CN=wiki,O=example,C=org
> Name-DNS: wiki.example.org
> Serial: random
> Issuer-DN: CN=MY-ROOT-CA,O=example,C=DE
> Signing-Key: 184977136DA4D5C90C202F22E3812012ABCD7174
> --8<---------------cut here---------------end--------------->8---
>
> The signing key is the keygrip of the ROOT-CA.
>
> Now run
>
> gpgsm --gen-key --batch -a -o wiki.example.org.pem wiki.example.org.parm
>
> (usually you won't use a passphrase) and then run
>
> gpgsm --import wiki.example.org.pem
>
> To export the private key you may use
>
> gpgsm --export-secret-key-raw -a wiki.example.org > wiki.example.org-key.pem
>
> All from memory - I should write a proper HOWTO. We use this for all
> internal certificates here in the company with the ROOT-CA's key stored
> on a smartcard.
>
> Salam-Shalom,
>
> Werner
>
> --
> The pioneers of a warless world are the youth that
> refuse military service. - A. Einstein
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230826/6f3c0734/attachment.html>
More information about the Gnupg-users
mailing list