SektionEins is delighted to announce the release of the open source µ-CA-Tool.
The µ-CA-Tool (pronounced 'micro CA tool') is a high-level CLI frontend for OpenSSL, OpenSC and GnuPG, written in Bash. It has been developed to simplify the handling and management of X.509 certificates with and without private keys stored on hardware tokens.
X.509 certificates are commonly used for
In each instance it is best to keep the private key part of the certificate private. A SmartCard can hold the private key and perform the encryption or signing operation without divulging the key. In order for this to work, the following tasks are common in advance and can be done with the µ-CA-Tool:
The µ-CA-Tool was developed with focus on Nitrokey Pro and Crypto Stick. However other OpenPGP-Cards and PKCS#11 compliant SmartCards should work as well, e.g. Nitrokey Storage, Yubikey Neo or the FSFE Fellowship Smart Card.