Hi debian mentors. I am looking for a sponsor for two packages : newpki-server : PKI based on the OpenSSL low-level API (server package) newpki-client : PKI based on the OpenSSL low-level API (client package) Here is the story : as a journalist for a french magazine, I was asked to write an article about PKI's. PKI's are systems designed to manage cetificates on a long term (creation, revocation, etc). The first think I did was an "apt-cache search pki" and... surprisingly found (almost) nothing ! After some investigations on Google, it appeared that, except openCA et idx-pki, a promising software exists : NewPKI. Produced by Frederic Giudicelli (french person too), NewPKI is a C++ client-server software. The server part uses a MySQL database to keep all certificates, and the client part is a WxWindows GUI used to manage the server. As there are my first packages, I've tried my best to make them well. Instead of running as root, the server part runs as unauthorised user "newpki", and manual changes to configuration files are kept on upgrade. It will need some work to validate and maybe correct the scripts and comments, but not so much. Frederic Giudicelli is motivated, as I am, to see his software entering the Debian pools. This software is GPL v2 licensed. I've supposed it should take place in section "utils" as OpenSSL is. Packages are available at http://moz.free.fr/newpki/ and the author page is at http://www.newpki.org Description: PKI based on the OpenSSL low-level API (client package) All the datas are handled through a database, which provides a much more flexible PKI than with OpenSSL, such as seeking a certificate with a search engine. . There is an SQL abstraction layer, the one provided is for a MySQL database. . NewPKI is developed in c++, there are only a few public classes, which allows to handle any kind of application, a standalone, a PHP module, or to easily integrate NewPKI in an existing project. . Here are the key features of the actual version of NewPKI: - Handling of multiple CAs in one server. - Publish a certificate request from CSR. - Publish a certificate request, by specifying the DN fields. - Certify a request, specifying the DN Policy and the certificate extension. - Revoke a certificate. - Generate the CRL. - Search for the waiting requests, or the certificates. - OCSP responder. - LDAP seek and publication. The newpki-client package is lintian clean. The newpki-server report a warning due to the option "start at boot" which optionnaly update-rc.d depending on the customer answer. So I'm looking for a sponsor, please have a look Best regards, -- Thomas Dupouy moz@gmx.fr ---------------------------------------------------------------------- GnuPG public key ID : 35293BA8ECA61F4E GnuPG fingerprint : E71F DAB5 987B CCC9 FF56 38FE 3529 3BA8 ECA6 1F4E ----------------------------------------------------------------------
Attachment:
pgpquFMIBkZRW.pgp
Description: PGP signature