2 This is helper script for managing X.509 TLS PKI.
4 ECDSA keypairs are handled with GnuTLS'es certtool.
5 GOST keypairs are handled with PyGOST'es utilities
6 (http://www.pygost.cypherpunks.ru).
8 CA certificates have 10 years validity lifetime.
9 EE certificates have 365 days one.
10 EE certificates contain only domain name and a country.
12 Edit zeasypki to suit your needs and working environment. Probably you
13 want to change goston(), that activates PyGOST venv and key encryption
17 $ mkdir mypki && cd mypki
18 $ zeasypki ca ecdsa ecdsa-root.com
19 $ zeasypki ca gost gost-root.ru
22 ca/ecdsa/ecdsa-root.com
25 $ print ca/ecdsa/ecdsa-root.com/*
29 * Optionally encrypt them (that also can be done with EE keypairs too):
30 $ zeasypki encrypt ca/ecdsa/ecdsa-root.com
31 [GnuPG is invoked here]
32 $ print ca/ecdsa/ecdsa-root.com/*
37 $ zeasypki new ee/ecdsa/ecdsa-root.com/some.domain.com
39 * Renew then EE keypairs:
40 $ zeasypki renew ee/ecdsa/ecdsa-root.com/some.domain.com
42 * To get DANE SHA256 fingerprint:
45 * To get full PEM-encoded keypair:
46 $ zeasypki keypair KEY
48 * To get remind (https://dianne.skoll.ca/projects/remind/) compatible
49 calendar of certificates expiration times: