ietf-openpgp

Re: [openpgp] Deriving an OpenPGP secret key from a human readable seed

2019-10-20 14:10:59
On Sun, Oct 20, 2019 at 1:18 PM Michael Richardson <mcr+ietf(_at_)sandelman(_dot_)ca> wrote:


Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> wrote:
    > *A) Generate*

    > The commands for generating, exporting and importing a key from the CLI
    > would probably look something like the following. Since I am thinking of
    > the general case, the key fingerprints used as UDF content digests rather
    > than OpenPGP but this is largely because it was easier to cut and paste
    > from my docs rather than find another.

Being able to split off the private key generation for PGP, SSH, certificates,
etc. might be a serious boon to the ecosystem I think.


I am planning to layer in ACME support in the mesh key management tool. So
it will be able to automate generation and distribution of the certs for
all your embedded devices.

This will use meta-cryptography. Which means that once the device has been
connected up to the management system, it never needs to do additional
keygen. The key presented to the CA is the composite of the device key and
the cert manager key.


Centralizing key management in one tool works both ways. It allows people
who are managing their SSH keys with the tool to also add PGP easily.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp