CAcert Code Development list.

[Gero Treuner <gero-cacert AT innocircle.com>]

Hi developers, board and board followers,

Note to the audience:
Because I present concept work which might be far from working reliably
I prefer to address a smaller group for first feedback.


On Fri, Apr 06, 2018 at 02:10:42PM +0200, Gero Treuner wrote:
> So what do we need (debatable ;-) ?
> 
>  * Solutions are portable (Windows, macOS, POSIX, BSD, mobile platforms)
>  * Not requiring installers
>  * Easy to use interface
>  * Utilizing existing crypto tools and libraries (not reinventing the
>    wheel, IMO a no go in the security area)

I created a set of scripts for the "create client certificate from
scratch" workflow, targeted for UNIX-like systems (console only).
It was developed on Debian GNU/Linux, but I tried to keep commands very
minimal, so there are chances that it also works on other Linux distros,
BSD, Android and maybe even MacOS.

This is a proof of concept to demonstrate that it yields usuable
certificates in browsers, portable solutions are possible without
compiling and building for dozens of platforms (ok, Windows stays out
for now), and show the style of workflow and guiding the user.

On top graphical user interfaces can optionally be created and offered,
comfort and integration can certainly be improved. Also some more
parts can be hardened to be more robust.

Again: It is only a demo - I wouldn't be offended if we want to do
things differently in the end. It depends on your favor - hopefully my
ideas are helpful.

Usage:
 - Extract by "tar -xJf cacert_client_certificate.tar.xz"
 - Run in a terminal "./cacert_client_certificate/create_new_certificate.sh"
 - Take care that you enter passphrases right! Currently for that part
   retries are not implemented...
 - In case of problems: I'd be happy to hear about.


I also appreciate feedback about plans to try it and of general kind.


Gero

Attachment: cacert_client_certificate.tar.xz
Description: Binary data