'''Public Key Infrastructure for Tcl'''

[Tcllib] now has a "PKI" module. This module includes support for RSA certificates, but is extensible to include other types of public key cryptographic systems.

** Documentation **

   [http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt%|%X.509 Style Guide], Peter Gutmann:   

** Tools **

   [Tcllib pki]:   

   [http://www.rkeene.org/projects/info/wiki/TclPKCS11%|%TclPKCS11], by [Roy Keene]:   supports loading a PKCS#11 compliant module and offloading sensitive cryptographic operations onto it. It requires the "PKI" module in Tcllib.

** Create a self-signed certificate under PKI **

======
package require pki
# 512 bits keeps the demo fast; use 2048 bits or more for a real key
set key [pki::rsa::generate 512]
set csr [pki::pkcs::create_csr $key [list CN www.google.com] 1]
set csr [pki::pkcs::parse_csr $csr]
# the signing key list must carry the issuer's subject
lappend key subject "CN=www.google.com"
# arguments: serial, notBefore, notAfter (one year from now), isCA, extensions, encodePem
set crt [::pki::x509::create_cert $csr $key 1 [clock seconds] [clock add [clock seconds] 1 year] 1 [list] 1]
======

or, wrapped as a proc:

======
package require pki
proc self_sign {key args} {
    # args is a flat name/value list for the subject, e.g. CN www.google.com
    set csr [pki::pkcs::create_csr $key $args 1]
    set csr [pki::pkcs::parse_csr $csr]
    set subject [list]
    dict for {n v} $args {lappend subject "$n=$v"}
    lappend key subject [join $subject ", "]
    # valid for one year from now; returns the PEM-encoded certificate
    set now [clock seconds]
    set crt [::pki::x509::create_cert $csr $key 1 $now [clock add $now 1 year] 1 [list] 1]
}
self_sign [pki::rsa::generate 512] ...
======
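
Checking the result of the recipe above, as an added example that is not part of the original page or of Tcllib: it parses the certificate back, tests its validity window, verifies it against itself as the only trust anchor, and confirms that the private key matches the public key in the certificate. The proc name `check_self_signed` and the subject `example.test` are assumptions made for the illustration.

```tcl
package require pki

# Hypothetical helper, not part of Tcllib: run basic sanity checks on a
# PEM-encoded self-signed certificate and the private key it was made from.
proc check_self_signed {pem key} {
    set cert [::pki::x509::parse_cert $pem]
    set now  [clock seconds]

    # Validity window as stored in the certificate (epoch seconds)
    dict set r in_window [expr {$now >= [dict get $cert notBefore] &&
                                $now <= [dict get $cert notAfter]}]

    # A self-signed certificate names itself as issuer
    dict set r self_issued [expr {[dict get $cert issuer] eq [dict get $cert subject]}]

    # Trust check with the certificate as its own trust anchor
    dict set r verifies [::pki::x509::verify_cert $cert [list $cert]]

    # Proof of possession: sign with the private key, verify with the
    # public key carried in the parsed certificate
    set msg "constructed test message"
    set sig [::pki::sign $msg $key]
    dict set r key_matches [::pki::verify $sig $msg $cert]
    return $r
}

# Constructed input: a throwaway 2048-bit key and a one-year certificate
set key [pki::rsa::generate 2048]
set csr [pki::pkcs::parse_csr [pki::pkcs::create_csr $key [list CN example.test] 1]]
lappend key subject "CN=example.test"
set now [clock seconds]
set pem [::pki::x509::create_cert $csr $key 1 $now [clock add $now 1 year] 1 [list] 1]

dict for {check result} [check_self_signed $pem $key] {
    puts [format "%-12s %s" $check $result]
}
```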