gpgsm: generate client cert for pre-existing key; sign with other

X509v3 extensions:
    X509v3 Basic Constraints: critical
        CA:FALSE
    X509v3 Extended Key Usage:
        TLS Web Client Authentication
    X509v3 Subject Key Identifier:
        .*
    X509v3 Authority Key Identifier:
        keyid:.*

    X509v3 Key Usage: critical
        Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment

Makefile

@@ -0,0 +1,15 @@
+all : cert.der cert.pem cert.openssl-text
+
+cert.der : gpgsm-batch-params
+	gpgsm --gen-key --batch --output $@ < $^
+
+cert.pem : cert.der
+	openssl x509 -inform der -in $^ -outform pem -out $@
+
+cert.openssl-text : cert.pem
+	openssl x509 -in $^ -text > $@
+
+clean : 
+	-trash cert.der
+	-trash cert.pem
+	-trash cert.openssl-text

gpgsm-batch-params

@@ -0,0 +1,17 @@
+Key-Type: RSA
+# Key-Length: 2048
+Key-Grip: 6C1DEF614EB6B631FAFB6A90B85D0352001BF1C3
+Key-Usage: encrypt,sign
+Serial: random
+Name-DN: CN=client,C=AT
+Hash-Algo: SHA256
+Issuer-DN: CN=Fabian Peter Hammerle,C=AT
+Subject-Key-Id: 6C1DEF614EB6B631FAFB6A90B85D0352001BF1C3
+Signing-Key: C2E04B00B3F087DB143B4BB6411813BA220ED4BA
+Authority-Key-Id: C2E04B00B3F087DB143B4BB6411813BA220ED4BA
+# X509v3 Basic Constraints: critical
+#   CA:FALSE
+Extension: 2.5.29.19 c 3003010100
+# X509v3 Extended Key Usage:
+#   TLS Web Client Authentication
+Extension: 2.5.29.37 n 300A06082B06010505070302