all : gpgsm-params cert.der cert.pem cert.openssl-text key-cert.p12 subject-keygrip.hex : openssl genrsa 2048 \ | openssl pkcs12 -export -nocerts -passout pass: \ | gpgsm --import 2>&1 \ | grep -Po 'keygrip=\s*\K.*' | sed 's/ //g' >$@ gpgsm-params : gpgsm-params-template subject-keygrip.hex issuer-keygrip.hex expiry-datetime ./prepare-gpgsm-params --template gpgsm-params-template \ --subject-keygrip "$(shell cat subject-keygrip.hex)" \ --issuer-keygrip "$(shell cat issuer-keygrip.hex)" \ --expiry-datetime "$(shell date --date="$(shell cat expiry-datetime)")" \ > $@ cert.der : gpgsm-params gpgsm --gen-key --batch --output $@ < $^ cert.pem : cert.der openssl x509 -inform der -in $^ -outform pem -out $@ cert.openssl-text : cert.pem openssl x509 -in $^ -text -noout > $@ key-cert.p12 : cert.der subject-keygrip.hex gpgsm --import cert.der gpgsm --out $@ --export-secret-key-p12 '&$(shell cat subject-keygrip.hex)' clean : -trash subject-keygrip.hex -trash gpgsm-params -trash cert.der -trash cert.pem -trash cert.openssl-text -shred key-cert.p12 && rm key-cert.p12