
doc: Rewrite to use 'gpgsm' instead of 'gpgsm-gencert.sh'.

* README: Rewrite to use 'gpgsm' instead of 'gpgsm-gencert.sh'.
* doc/manual/scute.texi: Likewise.
--
We no longer ship 'gpgsm-gencert.sh' with GnuPG.

Signed-off-by: Justus Winter <justus@g10code.com>
Debian-bug-id: 790891
Justus Winter 9 years ago
parent commit da2c278b32
2 changed files with 79 additions and 85 deletions
  1. README (+39 -38)
  2. doc/manual/scute.texi (+40 -47)

+ 39 - 38
README

@@ -92,51 +92,52 @@ http://www.gnupg.org/(en)/howtos/card-howto/en/smartcard-howto.html
 Once the card is initialised, we have to generate a certificate
 signing request (CSR) to get the authentication key of the card
 (OPENPGP.3, the third key on the card) certified by the CA.  This can
-be done with the script "gpgsm-gencert.sh".  For the CSR, a
-distinguished name (DN) is required.  Your CA will have more
-information about what this DN should contain.  Below we use an
-example for a test-employee "Floppy Head" of the test-CA that ships
-with OpenSSL ("Snake Oil, Ltd.").
+be done using "gpgsm --gen-key".  For the CSR, a distinguished name
+(DN) is required.  Your CA will have more information about what this
+DN should contain.  Below we use an example for a test-employee
+"Floppy Head" of the test-CA that ships with OpenSSL ("Snake Oil,
+Ltd.").
 
 Generating the CSR is then just a matter of answering a few questions:
 
-$ gpgsm-gencert.sh > /tmp/floppy.csr
-Key type
- [1] RSA
- [2] existing key
- [3] OPENPGP.1
- [4] OPENPGP.3
-Your selection: 4
-You selected: OPENPGP.3
-Key usage
- [1] sign, encrypt
- [2] sign
- [3] encrypt
-Your selection: 2
-You selected: sign
-Name (DN)
-> CN=Floppy Head,OU=Webserver Team,O="Snake Oil, Ltd",L=Snake Town,ST=Snake Desert,C=XY
-E-Mail addresses (end with an empty line)
-> floppy@head.com
-E-Mail addresses (end with an empty line)
+$ gpgsm --gen-key > client.csr
+Please select what kind of key you want:
+   (1) RSA
+   (2) Existing key
+   (3) Existing key from card
+Your selection? 3
+Serial number of the card: 355F9746499F0D4B4ECEE4928B007D16
+Available keys:
+   (1) D53137B94C38D9BF6A199706EA6D5253 OPENPGP.1
+   (2) B0CD1A9DFC3539A1D6A8B851A11C8665 OPENPGP.2
+   (3) 53DB41052CC590A40B403F3E6350E5DC OPENPGP.3
+Your selection? 3
+Possible actions for a RSA key:
+   (1) sign, encrypt
+   (2) sign
+   (3) encrypt
+Your selection? 2
+Enter the X.509 subject name: CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY
+Enter email addresses (end with an empty line):
+> floppy.head@example.org
 >
-DNS Names (optional; end with an empty line)
+Enter DNS names (optional; end with an empty line):
 >
-URIs (optional; end with an empty line)
+Enter URIs (optional; end with an empty line):
 >
-Parameters for certificate request to create:
-     1  Key-Type: card:OPENPGP.3
-     2  Key-Length: 
-     3  Key-Usage: sign
-     4  Name-DN: CN=Floppy Head,OU=Webserver Team,O="Snake Oil, Ltd",L=Snake Town,ST=Snake Desert,C=XY
-     5  Name-Email: floppy@head.com
-
-Really create such a CSR?
- [1] yes
- [2] no
-Your selection: 1
-You selected: yes
+Create self-signed certificate? (y/N) n
+These parameters are used:
+    Key-Type: card:OPENPGP.3
+    Key-Length: 1024
+    Key-Usage: sign
+    Name-DN: CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY
+    Name-Email: floppy.head@example.org
+
+Proceed with creation? (y/N) y
+Now creating certificate request.  This may take a while ...
+gpgsm: about to sign the CSR for key: &53DB41052CC590A40B403F3E6350E5DC
 gpgsm: certificate request created
+Ready.  You should now send this request to your CA.
 
 It is required to enter the signing PIN of the card to complete this
 step.  The certificate can then be found in the file "/tmp/floppy.csr".
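Review bot: the trailing context still says the result "can then be found in the file "/tmp/floppy.csr"", but the rewritten command now redirects to `client.csr`; update that sentence to name `client.csr` (or keep `> /tmp/floppy.csr` in the command) so the command and the text agree. The same sentence calls the output "The certificate", while the transcript's own final line says "certificate request created"; "The request" would be the accurate word.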

+ 40 - 47
doc/manual/scute.texi

@@ -310,34 +310,29 @@ Before you start, make sure that the GPG Agent is running, see
 create a CSR with the command:
 
 @example
-$ gpgsm-gencert.sh > floppy-head.p10
-Key type
- [1] RSA
- [2] Existing key
- [3] Direct from card
-Your selection: 3
-You selected: Direct from card
+$ gpgsm --gen-key > floppy-head.csr
+Please select what kind of key you want:
+   (1) RSA
+   (2) Existing key
+   (3) Existing key from card
+Your selection? 3
 @end example
 
 As we create a certificate for the OpenPGP Card, the option ``@code{[3]
 Direct from card}'' should be selected.
 
 @example
-Card with S/N D27600012401010100010000051B0000 found
-gpg-agent uses OPENPGP.3 as ssh key
-Select key 
- [1] OPENPGP.1
- [2] OPENPGP.2
- [3] OPENPGP.3
- [4] back
-Your selection: 3
-You selected: OPENPGP.3
-Key usage
- [1] sign, encrypt
- [2] sign
- [3] encrypt
-Your selection: 2
-You selected: sign
+Serial number of the card: 355F9746499F0D4B4ECEE4928B007D16
+Available keys:
+   (1) D53137B94C38D9BF6A199706EA6D5253 OPENPGP.1
+   (2) B0CD1A9DFC3539A1D6A8B851A11C8665 OPENPGP.2
+   (3) 53DB41052CC590A40B403F3E6350E5DC OPENPGP.3
+Your selection? 3
+Possible actions for a RSA key:
+   (1) sign, encrypt
+   (2) sign
+   (3) encrypt
+Your selection? 2
 @end example
 
 The only operation currently supported is client authentication.  For
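Review bot: the unchanged prose right after the first example still tells the reader that "the option ``@code{[3] Direct from card}'' should be selected", but the new transcript labels that entry "(3) Existing key from card"; update the prose to quote the new label and numbering style, e.g. ``@code{(3) Existing key from card}'', otherwise the text and the example disagree.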
@@ -347,16 +342,15 @@ sign}'' should be chosen.  Note that the key usage is only advisory, and
 the CA may assign different capabilities.
 
 @example
-Name (DN)
-> CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY
-E-Mail addresses (end with an empty line)
-> floppy.head@@example.com
-E-Mail addresses (end with an empty line)
-> 
-DNS Names (optional; end with an empty line)
-> 
-URIs (optional; end with an empty line)
-> 
+Enter the X.509 subject name: CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY
+Enter email addresses (end with an empty line):
+> floppy.head@@example.org
+>
+Enter DNS names (optional; end with an empty line):
+>
+Enter URIs (optional; end with an empty line):
+>
+Create self-signed certificate? (y/N) n
 @end example
 
 As a last step, the common name and e-mail address of the key owner need
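Review bot: the new prompt "Create self-signed certificate? (y/N) n" is added to the example but never mentioned in the surrounding prose; since answering it differently would produce a self-signed certificate rather than the CSR the section is about, the paragraph that follows should state that this question must be answered "n". Also check that the context line ending "sign}'' should be chosen" quotes the new "(2) sign" label rather than the old "[2] sign" form, as the first hunk's prose still does.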
@@ -368,18 +362,16 @@ We have now entered all required information and gpgsm will display what
 it has gathered and ask whether to create the certificate request:
 
 @example
-Parameters for certificate request to create:
-     1	Key-Type: card:OPENPGP.3
-     2	Key-Length: 
-     3	Key-Usage: sign
-     4	Name-DN: CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY
-     5	Name-Email: floppy.head@@example.com
-
-Really create such a CSR?
- [1] yes
- [2] no
-Your selection: 1
-You selected: yes
+These parameters are used:
+    Key-Type: card:OPENPGP.3
+    Key-Length: 1024
+    Key-Usage: sign
+    Name-DN: CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY
+    Name-Email: floppy.head@@example.org
+
+Proceed with creation? (y/N) y
+Now creating certificate request.  This may take a while ...
+gpgsm: about to sign the CSR for key: &53DB41052CC590A40B403F3E6350E5DC
 @end example
 
 GPGSM will now start working on creating the request.  During this time
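Review bot: the parameter summary now shows "Key-Length: 1024" although no prompt in the transcript asked for a length (the key already exists on the card, as "Key-Type: card:OPENPGP.3" shows); the sentence introducing the summary ("display what it has gathered") could add a clause that the length is reported for the existing card key rather than chosen here, so readers do not wonder where 1024 came from.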
@@ -389,13 +381,14 @@ key on the card.  A pop up window will appear to ask for it.
 When it is ready, you should see the final notice:
 
 @example
-  gpgsm: certificate request created
+gpgsm: certificate request created
+Ready.  You should now send this request to your CA.
 @end example
 
 Now, you may look at the created request:
 
 @example
-$ cat floppy-head.p10
+$ cat floppy-head.csr
 -----BEGIN CERTIFICATE REQUEST-----
 MIICCDCCAXECAQAwgYExCzAJBgNVBAYTAlhZMRUwEwYDVQQIEwxTbmFrZSBEZXNl
 cnQxEzARBgNVBAcTClNuYWtlIFRvd24xFzAVBgNVBAoTDlNuYWtlIE9pbCwgTHRk
@@ -424,7 +417,7 @@ certificate will be shown, which you can cut and paste into a new file
 
 Alternatively if, for example, you set up your own CA with OpenSSL, then
 you can create your own certificate by issueing a command similar
-@code{openssl ca -in floppy-head.p10 -cert snakeoil-ca-rsa.crt -keyfile
+@code{openssl ca -in floppy-head.csr -cert snakeoil-ca-rsa.crt -keyfile
 snakeoil-ca-rsa.key -out floppy-head.crt}.  Please see the OpenSSL
 documentation for more details on how to set up and administrate a
 certificate authority infrastructure.
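Review bot: the context line "you can create your own certificate by issueing a command similar" has a typo ("issuing") and is missing "to" before the @code{...} command; since this hunk is already editing that sentence's command, consider fixing the wording in the same commit or a follow-up.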