include extension for OpenPGP creation timestamp in X.509 output
Open, NormalPublic


the X.509v3 extension for specifying the OpenPGP timestamp is a useful mechanism for being able to create an OpenPGP fingerprint for clients that want OpenPGP certification as corroboration for an X.509 certificate. It would be great if gpgsm --batch --generate-key could add a new option that emits this extension in a CSR or certificate.


dkg created this task.May 12 2019, 1:01 AM
werner triaged this task as Normal priority.May 14 2019, 10:42 AM
werner added a subscriber: werner.

Thanks for the hint on the existing OID I already looked into that and planned to use one from the GnuPG arc, But an existing OID is better. I still need to figure useful workflows but something like this will be useful for smartcards..