zeasypki -- easy PKI
This is helper script for managing X.509 TLS PKI.
-ECDSA keypairs are handled with GnuTLS'es certtool.
-GOST keypairs are handled with PyGOST'es utilities
-(http://www.pygost.cypherpunks.ru).
+ECDSA and EdDSA keypairs are handled with GnuTLS'es certtool.
+GOST keypairs are handled with GoGOST'es utilities
+(http://www.gogost.cypherpunks.ru).
CA certificates have 10 years validity lifetime.
EE certificates have 365 days one.
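Review bot: the new intro line says "ECDSA and EdDSA keypairs are handled with GnuTLS'es certtool", but every example further down in this patch is switched from `ecdsa` to `eddsa`, so the README no longer shows an ECDSA invocation at all. Either keep one `zeasypki ca ecdsa ...` example or list the accepted algorithm names next to this line, so readers with existing ECDSA trees know the argument still works. Separately, the GoGOST link is given as plain http://; since these are the utilities that generate the GOST keys, point to an HTTPS URL if the site offers one.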
-EE certificates contain only domain name and a country.
+EE certificates contain only domain name and optionally a country.
-Edit zeasypki to suit your needs and working environment. Probably you
-want to change goston(), that activates PyGOST venv and key encryption
-procedures.
+Edit zeasypki to suit your needs and working environment. Probably you want
+to change path-variable setting, that points to GoGOST'es built utilities.
* Create CA keypairs:
$ mkdir mypki && cd mypki
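Review bot: the rewritten "Edit zeasypki" paragraph tells the user to change a "path-variable setting" without naming the variable, and the EE line now says "optionally a country" without saying how the country is supplied or left out. Name the variable as it appears in the script and add one sentence on how to set or omit the country, so neither requires reading the script source.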
- $ zeasypki ca ecdsa ecdsa-root.com
+ $ zeasypki ca eddsa eddsa-root.com
$ zeasypki ca gost gost-root.ru
$ zeasypki list-ca
- ca/ecdsa/ecdsa-root.com
+ ca/eddsa/eddsa-root.com
ca/gost/gost-root.ru
- $ print ca/ecdsa/ecdsa-root.com/*
+ $ print ca/eddsa/eddsa-root.com/*
cer.pem
key.pem
* Optionally encrypt them (that also can be done with EE keypairs too):
- $ zeasypki encrypt ca/ecdsa/ecdsa-root.com
- [GnuPG is invoked here]
- $ print ca/ecdsa/ecdsa-root.com/*
+ $ zeasypki encrypt ca/eddsa/eddsa-root.com
+ [age is invoked here]
+ $ print ca/eddsa/eddsa-root.com/*
cer.pem
key.pem.enc
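Review bot: the encrypt step changes from "[GnuPG is invoked here]" to "[age is invoked here]" but keeps the same `key.pem.enc` output name and gives no migration note. A `key.pem.enc` written by the GnuPG-based version is an OpenPGP file and cannot be opened with age, so anyone with already-encrypted CA keys needs to be told to decrypt with GnuPG and re-encrypt. The removed paragraph also pointed users at the "key encryption procedures" as something to adapt, and the replacement text only mentions the GoGOST path; say here whether age is run with a passphrase or with recipients, and where in the script that is configured.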
* Create EE keypairs:
- $ zeasypki new ee/ecdsa/ecdsa-root.com/some.domain.com
+ $ zeasypki new ee/eddsa/eddsa-root.com/some.domain.com
* Renew then EE keypairs:
- $ zeasypki renew ee/ecdsa/ecdsa-root.com/some.domain.com
+ $ zeasypki renew ee/eddsa/eddsa-root.com/some.domain.com
* To get DANE SHA256 fingerprint:
$ zeasypki dane KEY