| 1234567891011121314151617181920212223242526272829303132333435 |
- all : gpgsm-params cert.der cert.pem cert.openssl-text key-cert.p12
- subject-keygrip.hex :
- openssl genrsa 2048 \
- | openssl pkcs12 -export -nocerts -passout pass: \
- | gpgsm --import 2>&1 \
- | grep -Po 'keygrip=\s*\K.*' | sed 's/ //g' >$@
- gpgsm-params : gpgsm-params-template subject-keygrip.hex issuer-keygrip.hex expiry-datetime
- ./prepare-gpgsm-params --template gpgsm-params-template \
- --subject-keygrip "$(shell cat subject-keygrip.hex)" \
- --issuer-keygrip "$(shell cat issuer-keygrip.hex)" \
- --expiry-datetime "$(shell date --date="$(shell cat expiry-datetime)")" \
- > $@
- cert.der : gpgsm-params
- gpgsm --gen-key --batch --output $@ < $^
- cert.pem : cert.der
- openssl x509 -inform der -in $^ -outform pem -out $@
- cert.openssl-text : cert.pem
- openssl x509 -in $^ -text -noout > $@
- key-cert.p12 : cert.der subject-keygrip.hex
- gpgsm --import cert.der
- gpgsm --out $@ --export-secret-key-p12 '&$(shell cat subject-keygrip.hex)'
- clean :
- -trash subject-keygrip.hex
- -trash gpgsm-params
- -trash cert.der
- -trash cert.pem
- -trash cert.openssl-text
- -shred key-cert.p12 && rm key-cert.p12
|
