ndnsec-cert-gen

Synopsis

ndnsec-cert-gen [-h] [-S timestamp] [-E timestamp] [-I info]… [-s signer] [-i issuer] file

Description

ndnsec-cert-gen takes a signing request as input and issues an identity certificate for the key in the signing request. The signing request can be created with ndnsec-key-gen and can be re-generated with ndnsec-sign-req.

By default, the issued certificate is signed with the default key of the system default identity. Use -s to select a different signing identity.

file is the name of a file that contains the signing request. If file is “-”, the signing request is read from the standard input.

The generated certificate is written to the standard output in base64 encoding.

Options

-S <timestamp>, --not-before <timestamp>

Date and time when the certificate becomes valid, in “YYYYMMDDhhmmss” format. The default value is now.

-E <timestamp>, --not-after <timestamp>

Date and time when the certificate expires, in “YYYYMMDDhhmmss” format. The default value is 365 days after the --not-before timestamp.

-I <info>, --info <info>

Other information to be included in the issued certificate. Must be in the form of key and value pairs, where the key is an arbitrary string without spaces, followed by one or more spaces, followed by an arbitrary string representing the value. This option may be repeated multiple times.

For example:

-I "affiliation Some Organization" -I "homepage https://home.page/"

-s <signer>, --sign-id <signer>

Signing identity. The default key/certificate of signer will be used to sign the requested certificate. If this option is not specified, the system default identity will be used.

-i <issuer>, --issuer-id <issuer>

Issuer’s ID to be included in the issued certificate name. The default value is “NA”.

Example

$ ndnsec-cert-gen -S 20200501000000 -E 20210101000000 -I "affiliation Some Organization" -I "foobar Foo Bar" -i "Universe" -s /ndn/test request.cert > signed.cert

$ cat signed.cert
Bv0BcgctCAdleGFtcGxlCANLRVkICOQUmX8oloLrCAhVbml2ZXJzZQgJ/QAAAXHR
Ak6CFAkYAQIZBAA27oAVWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDpJsCkv
E5RMjxRVdyK6W6z+FoCq+qREEn/sxf+n2gnsl25qm1NarCfSGf96zIJy9BRA9btu
MMeuWlAN/ymvMFwWkBsBAxwcBxoIA25kbggEdGVzdAgDS0VZCAhJP1OaKLualf0A
/Sb9AP4PMjAyMDA1MDFUMDAwMDAw/QD/DzIwMjEwMTAxVDAwMDAwMP0BAkH9AgAk
/QIBC2FmZmlsaWF0aW9u/QICEVNvbWUgT3JnYW5pemF0aW9u/QIAFf0CAQZmb29i
YXL9AgIHRm9vIEJhchdHMEUCIQDPT9Hq1kvkE0r9W1aYSBVTnHlTEzgtz+v1DwkC
ug/vLAIgY3xJITCwf55sqey33q5GIQSk1TRCkNNl58ojvPs5sNU=

$ ndnsec-cert-dump -p -f signed.cert
Certificate Name:
  /example/KEY/%E4%14%99%7F%28%96%82%EB/Universe/%FD%00%00%01q%D1%02N%82
Additional Description:
  affiliation: Some Organization
  foobar: Foo Bar
Public Key:
  Key Type: 256-bit EC
  MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOkmwKS8TlEyPFFV3IrpbrP4WgKr6
  pEQSf+zF/6faCeyXbmqbU1qsJ9IZ/3rMgnL0FED1u24wx65aUA3/Ka8wXA==
Validity:
  Not Before: 2020-05-01T00:00:00
  Not After: 2021-01-01T00:00:00
Signature Information:
  Signature Type: SignatureSha256WithEcdsa
  Key Locator: Name=/ndn/test/KEY/I%3FS%9A%28%BB%9A%95
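
The timestamp format for -S and -E and the key/value form for -I described under Options can be checked before the tool is invoked, so that a malformed validity period or info pair is rejected up front. The wrapper below is an added example, not part of ndnsec or of the original manual; its function names and the NDNSEC_CERT_GEN override variable are assumptions of the example.

```shell
# Added example: pre-flight checks for ndnsec-cert-gen -S/-E/-I values.
# Function names and $NDNSEC_CERT_GEN are this example's own, not the tool's.

# valid_ts TS: true if TS is 14 digits with in-range YYYYMMDDhhmmss fields.
# Simplification: days-per-month and leap years are not checked.
valid_ts() {
    case "$1" in *[!0-9]*) return 1 ;; esac
    [ "${#1}" -eq 14 ] || return 1
    rest=${1#????};  mm=${rest%????????}
    rest=${rest#??}; dd=${rest%??????}
    rest=${rest#??}; hh=${rest%????}
    rest=${rest#??}  # what remains is the minutes and seconds
    case "$mm" in 0[1-9]|1[0-2]) ;; *) return 1 ;; esac
    case "$dd" in 0[1-9]|[12][0-9]|3[01]) ;; *) return 1 ;; esac
    case "$hh" in [01][0-9]|2[0-3]) ;; *) return 1 ;; esac
    case "$rest" in [0-5][0-9][0-5][0-9]) ;; *) return 1 ;; esac
}

# valid_info PAIR: true if PAIR is a space-free key, one or more spaces, then
# a value. Requiring a non-blank value is this example's assumption.
valid_info() {
    key=${1%% *}; rest=${1#"$key"}
    [ -n "$key" ] || return 1                        # empty key or leading space
    case "$rest" in *[!\ ]*) ;; *) return 1 ;; esac  # value missing or blank
}

# check_cert_args NOT_BEFORE NOT_AFTER [INFO...]: status 0 if all values pass.
check_cert_args() {
    [ "$#" -ge 2 ] || return 2
    nb=$1; na=$2; shift 2
    valid_ts "$nb" || { echo "bad --not-before: $nb" >&2; return 2; }
    valid_ts "$na" || { echo "bad --not-after: $na" >&2; return 2; }
    # Both are 14-digit strings, so numeric order is chronological order.
    [ "$nb" -lt "$na" ] || { echo "validity window is empty" >&2; return 3; }
    for pair in "$@"; do
        valid_info "$pair" || { echo "bad --info: $pair" >&2; return 4; }
    done
}

# issue_cert SIGNER REQUEST NOT_BEFORE NOT_AFTER [INFO...]: validate, then run
# the tool with each INFO passed as one quoted -I argument.
issue_cert() {
    [ "$#" -ge 4 ] || return 2
    signer=$1; req=$2; start=$3; end=$4; shift 4
    check_cert_args "$start" "$end" "$@" || return $?
    for pair in "$@"; do set -- "$@" -I "$pair"; shift; done
    "${NDNSEC_CERT_GEN:-ndnsec-cert-gen}" -S "$start" -E "$end" -s "$signer" "$@" "$req"
}
```

Setting NDNSEC_CERT_GEN=echo prints the command line that would be run instead of running it.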