Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. users
Dear sirs and ladies
gnupg-users at gnupg
Jul 25, 2023, 9:31 AM
Post #1 of 3 (126 views)
Permalink
Dear sirs and ladies!

I have installed Nethogs. I noticed sent traffic always matches recieved traffic
almost at a 100/100 basis.

This traffic pattern never occurs in Debian surveying traffic with nethogs. I am
curious as to why if I may ask?




Thank you.




Best regards

XYZ
Re: Dear sirs and ladies [ In reply to ]
gnupg-users at gnupg
Aug 24, 2023, 2:54 AM
Post #2 of 3 (113 views)
Permalink
On Thu, 24 Aug 2023 06:07, Stuart Longland said:

> No, you need `openssl` for that.

Actually you can do that as well with GnuPG.

gpgsm --gen-key

creates either a CSR or a self-signed cert. You can build a CA with it.
This requires a parameter file. For example create a file
wiki.example.org.parm:

--8<---------------cut here---------------start------------->8---
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign, encrypt
Name-DN: CN=wiki,O=example,C=org
Name-DNS: wiki.example.org
Serial: random
Issuer-DN: CN=MY-ROOT-CA,O=example,C=DE
Signing-Key: 184977136DA4D5C90C202F22E3812012ABCD7174
--8<---------------cut here---------------end--------------->8---

The signing key is the keygrip of the ROOT-CA.

Now run

gpgsm --gen-key --batch -a -o wiki.example.org.pem wiki.example.org.parm

(usually you won't use a passphrase) and then run

gpgsm --import wiki.example.org.pem

To export the private key you may use

gpgsm --export-secret-key-raw -a wiki.example.org > wiki.example.org-key.pem


All from memory - I should write a proper HOWTO. We use this for all
internal certificates here in the company with the ROOT-CA's key stored
on a smartcard.


Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

Attached Files:

Re: Re: Dear sirs and ladies [ In reply to ]
gnupg-users at gnupg
Aug 26, 2023, 1:32 AM
Post #3 of 3 (113 views)
Permalink
You are a very helpful person. Thank you sir.



> On Thursday, 24. August 2023 9:54, Werner Koch via Gnupg-users
> [/webmail/send?to=gnupg-users@gnupg.org] wrote:
>
>
>
> On Thu, 24 Aug 2023 06:07, Stuart Longland said:
>
> > No, you need `openssl` for that.
>
> Actually you can do that as well with GnuPG.
>
> gpgsm --gen-key
>
> creates either a CSR or a self-signed cert. You can build a CA with it.
> This requires a parameter file. For example create a file
> wiki.example.org.parm:
>
> --8<---------------cut here---------------start------------->8---
> Key-Type: RSA
> Key-Length: 2048
> Key-Usage: sign, encrypt
> Name-DN: CN=wiki,O=example,C=org
> Name-DNS: wiki.example.org
> Serial: random
> Issuer-DN: CN=MY-ROOT-CA,O=example,C=DE
> Signing-Key: 184977136DA4D5C90C202F22E3812012ABCD7174
> --8<---------------cut here---------------end--------------->8---
>
> The signing key is the keygrip of the ROOT-CA.
>
> Now run
>
> gpgsm --gen-key --batch -a -o wiki.example.org.pem wiki.example.org.parm
>
> (usually you won't use a passphrase) and then run
>
> gpgsm --import wiki.example.org.pem
>
> To export the private key you may use
>
> gpgsm --export-secret-key-raw -a wiki.example.org > wiki.example.org-key.pem
>
> All from memory - I should write a proper HOWTO. We use this for all
> internal certificates here in the company with the ROOT-CA's key stored
> on a smartcard.
>
> Salam-Shalom,
>
> Werner
>
> --
> The pioneers of a warless world are the youth that
> refuse military service. - A. Einstein
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal