Skip to Content.
Sympa Menu

cacert-devel - Re: Tool for generating/importing certificates (related to Bug 1417)

Subject: CAcert Code Development list.

List archive

Re: Tool for generating/importing certificates (related to Bug 1417)

Chronological Thread 
  • From: Gero Treuner <gero-cacert AT>
  • To: cacert-devel AT, cacert-board AT
  • Subject: Re: Tool for generating/importing certificates (related to Bug 1417)
  • Date: Sun, 8 Apr 2018 23:57:00 +0200

Hi developers, board and board followers,

Note to the audience:
Because I present concept work which might be far from working reliably
I prefer to address a smaller group for first feedback.

On Fri, Apr 06, 2018 at 02:10:42PM +0200, Gero Treuner wrote:
> So what do we need (debatable ;-) ?
> * Solutions are portable (Windows, macOS, POSIX, BSD, mobile platforms)
> * Not requiring installers
> * Easy to use interface
> * Utilizing existing crypto tools and libraries (not reinventing the
> wheel, IMO a no go in the security area)

I created a set of scripts for the "create client certificate from
scratch" workflow, targeted for UNIX-like systems (console only).
It was developed on Debian GNU/Linux, but I tried to keep commands very
minimal, so there are chances that it also works on other Linux distros,
BSD, Android and maybe even MacOS.

This is a proof of concept to demonstrate that it yields usuable
certificates in browsers, portable solutions are possible without
compiling and building for dozens of platforms (ok, Windows stays out
for now), and show the style of workflow and guiding the user.

On top graphical user interfaces can optionally be created and offered,
comfort and integration can certainly be improved. Also some more
parts can be hardened to be more robust.

Again: It is only a demo - I wouldn't be offended if we want to do
things differently in the end. It depends on your favor - hopefully my
ideas are helpful.

- Extract by "tar -xJf cacert_client_certificate.tar.xz"
- Run in a terminal "./cacert_client_certificate/"
- Take care that you enter passphrases right! Currently for that part
retries are not implemented...
- In case of problems: I'd be happy to hear about.

I also appreciate feedback about plans to try it and of general kind.


Attachment: cacert_client_certificate.tar.xz
Description: Binary data

Archive powered by MHonArc 2.6.18.

Top of Page