author Werner Koch <wk@gnupg.org> 2020-05-19 14:30:24 +0200
committer Werner Koch <wk@gnupg.org> 2020-05-19 14:30:24 +0200
commit 44676819f2873705b78849e7b2fd22214b691642
tree db698a54d2c6a33d35524263d596a6679793b7e4 /doc
parent common: New function to extract Q from an ECC key.
sm: Create ECC certificates with AKI and SKI by default.

* sm/certreqgen.c (create_request): Create AKI and SKI by default.
--

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>

Diffstat (limited to 'doc')
-rw-r--r-- doc/gpgsm.texi 20
1 files changed, 18 insertions, 2 deletions
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 4298e4350..0579be3ba 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -1099,10 +1099,12 @@ General Parameters:
@item Key-Type: @var{algo}
Starts a new parameter block by giving the type of the primary
key. The algorithm must be capable of signing. This is a required
-parameter. The only supported value for @var{algo} is @samp{rsa}.
+parameter. The supported values for @var{algo} are @samp{rsa},
+@samp{ecdsa}, and @samp{eddsa}.
@item Key-Length: @var{nbits}
-The requested length of a generated key in bits. Defaults to 3072.
+The requested length of a generated key in bits. Defaults to
+3072. The value is ignored for ECC algorithms.
@item Key-Grip: @var{hexstring}
This is optional and used to generate a CSR or certificate for an
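Review bot: In the Key-Length item, "The value is ignored for ECC algorithms" leaves the reader with no way to tell which curve an @samp{ecdsa} or @samp{eddsa} request uses, now that Key-Type lists both as supported values. Suggest adding a sentence here or under Key-Type that states where the curve comes from, or a cross-reference to the parameter that determines it, so that the strength of a generated ECC key is not left implicit.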
@@ -1175,6 +1177,20 @@ algorithms are: @samp{sha1}, @samp{sha256}, @samp{sha384} and
@samp{sha512}; they may also be specified with uppercase letters. The
default is @samp{sha256}.
+@item Authority-Key-Id: @var{hexstring}
+Insert the decoded value of @var{hexstring} as authorityKeyIdentifier.
+If this is not given and an ECC algorithm is used the public part of
+the certified public key is used as authorityKeyIdentifier. To
+inhibit any authorityKeyIdentifier use the special value @code{none}
+for @var{hexstring}.
+
+@item Subject-Key-Id: @var{hexstring}
+Insert the decoded value of @var{hexstring} as subjectKeyIdentifier.
+If this is not given and an ECC algorithm is used the public part of
+the signing key is used as authorityKeyIdentifier. To inhibit any
+subjectKeyIdentifier use the special value @code{none} for
+@var{hexstring}.
+
@end table
@c *******************************************
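Review bot: In the Subject-Key-Id item, the sentence "the public part of the signing key is used as authorityKeyIdentifier" names the wrong extension; it reads like a copy of the Authority-Key-Id text and should say subjectKeyIdentifier. The key descriptions also look swapped between the two items: in X.509 (RFC 5280) the authorityKeyIdentifier identifies the key that signed the certificate and the subjectKeyIdentifier identifies the certified key, so Authority-Key-Id should refer to the signing key and Subject-Key-Id to the certified public key. Please check the wording against what create_request actually emits, since a relying party that builds chains by matching AKI to the issuer's SKI depends on these defaults being described correctly.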