implement openpgp2x509
We currently allow translating keys from @pem2openpgp@, and from @openpgp2ssh@, but we don't yet have @openpgp2x509@.
It would be great to be able to generate a simple, self-signed X.509 certificate from an OpenPGP secret key, making sensible guesses for the X.509 parameters from the OpenPGP key info.
Examples of sensible guesses for end user keys:
- the DN would be based on the primary user ID, split into @/CN="real name"/eMailAddress="foo@example"/@ for standard RFC 2822-style user IDs (what to do with a comment?)
- the X.509 validity and expiration times should be based on the OpenPGP validity and expiration times
- something with subjectAltNames?
It would also be nice to be able to generate an X.509 certificate request instead of a self-signed cert, in case people want to have a path through X.509 as well.
(from redmine: created on 2010-03-23)
Edited by John Scott
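A sketch of the guesses listed above, as an added example that is not part of the original issue and not Monkeysphere code. The function names are hypothetical, and the choices to keep the comment out of the DN, to copy the e-mail address into subjectAltName, and to map a non-expiring key to the RFC 5280 "no well-defined expiration" date are assumptions, since the issue leaves those points open.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 2822-style user ID: "Real Name (comment) <addr@host>", comment optional.
_UID = re.compile(r'^(?P<name>[^()<>]*?)\s*(?:\((?P<comment>[^()]*)\))?\s*'
                  r'<(?P<email>[^<>@\s]+@[^<>@\s]+)>$')

# RFC 5280 section 4.1.2.5: notAfter value for "no well-defined expiration".
NO_EXPIRY = datetime(9999, 12, 31, 23, 59, 59, tzinfo=timezone.utc)

def split_user_id(uid):
    """Return (name, comment, email); other user ID styles become a bare name."""
    m = _UID.match(uid.strip())
    if not m:
        return uid.strip(), None, None
    return m.group('name').strip(), m.group('comment'), m.group('email')

def _esc(value):
    # Backslash-escape '/' and '\' so they cannot split the /attr=value form.
    return re.sub(r'([\\/])', r'\\\1', value)

def guess_x509_params(uid, created, expires_in_seconds=None):
    """Map an OpenPGP user ID, creation time (Unix seconds) and key expiration
    (seconds after creation, 0/None = never) to X.509 parameters."""
    name, comment, email = split_user_id(uid)
    if not (name or email):
        raise ValueError('empty user ID')
    rdns = [('CN', name or email)]
    if email:
        rdns.append(('emailAddress', email))  # OpenSSL's name for this attribute
    not_before = datetime.fromtimestamp(created, tz=timezone.utc)
    not_after = (not_before + timedelta(seconds=expires_in_seconds)
                 if expires_in_seconds else NO_EXPIRY)
    return {
        'subject': ''.join('/%s=%s' % (k, _esc(v)) for k, v in rdns),
        'comment': comment,  # assumption: returned separately, not in the DN
        'subjectAltName': ['email:' + email] if email else [],  # assumption
        'notBefore': not_before,
        'notAfter': not_after,
    }

if __name__ == '__main__':
    # Constructed sample input, not taken from a real key.
    print(guess_x509_params('Alice Example (work key) <alice@example.org>',
                            1269302400, 31536000))
```

The escaping step matters for user IDs that are not RFC 2822-style, such as URI-shaped IDs, where an unescaped `/` would be read as a separator between DN components.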