[Gpg4win-users-en] unknown keyword in gpgsm --gen-key --batch certificate
Cristian Baboi
cristian.baboi at gmail.com
Tue Jan 7 02:30:49 CET 2014
Your example produced a REQUEST for a certificate.
The manual for the latest gnupg say there is a way to make a certificate.
Attempting to specify a serial number for the certificate in batch mode produced a keyword error.
Werner Koch <wk at gnupg.org> wrote:
>On Fri, 3 Jan 2014 18:37, cristian.baboi at gmail.com said:
>
>> Is it possible to create certificates (not requests) with gpgsm from
>gpg4win?
>
>Yes. Except for CRL stuff all mechanisms to build your own CA software
>are there.
>
>Example:
>
> $ ~/b/gnupg-2.0/sm/gpgsm --version
> gpgsm (GnuPG) 2.0.23-beta13
> libgcrypt 1.5.3
> libksba 1.2.0-gitd5bf2a9
>
> $ ~/b/gnupg-2.0/sm/gpgsm --gen-key
> Please select what kind of key you want:
> (1) RSA
> (2) Existing key
> (3) Existing key from card
> Your selection? 1
> What keysize do you want? (2048)
> Requested keysize is 2048 bits
> Possible actions for a RSA key:
> (1) sign, encrypt
> (2) sign
> (3) encrypt
> Your selection? 1
> Enter the X.509 subject name: CN=Certy Self
> Enter email addresses (end with an empty line):
> > certy at example.org
> >
> Enter DNS names (optional; end with an empty line):
> >
> Enter URIs (optional; end with an empty line):
> >
> Parameters to be used for the certificate request:
> Key-Type: RSA
> Key-Length: 2048
> Key-Usage: sign, encrypt
> Name-DN: CN=Certy Self
> Name-Email: certy at example.org
>
> Really create request? (y/N) y
> Now creating certificate request. This may take a while ...
> gpgsm: DBG: connection to agent established
>gpgsm: about to sign CSR for key:
>&B06ECC0A214585968676567BAA4CEBA5CAF34B11
> -----BEGIN CERTIFICATE REQUEST-----
> MIICiTCCAXECAQAwFTETMBEGA1UEAxMKQ2VydHkgU2VsZjCCASIwDQYJKoZIhvcN
> [...]
>
>
>2.0.22 should be identical.
>
>
>
>Salam-Shalom,
>
> Werner
More information about the Gpg4win-users-en
mailing list