Metadata-Version: 2.4
Name: ftw-pki-caroot-creator
Version: 0.0.3a1
Summary: A specialized tool for automated and deterministic Root CA creation within the FTW PKI ecosystem.
Author-email: Fitzz TeXnik Welt <FitzzTeXnikWelt@t-online.de>
Maintainer-email: Fitzz TeXnik Welt <FitzzTeXnikWelt@t-online.de>
License-Expression: LGPL-2.1-or-later
Project-URL: Documentation, https://github.com/fitzz-ftw/ftw-pki-caroot-creator/blob/main/README.md
Project-URL: Homepage, https://github.com/fitzz-ftw/ftw-pki-caroot-creator
Project-URL: Issues, https://github.com/fitzz-ftw/ftw-pki-caroot-creator/issues
Project-URL: Repository, https://github.com/fitzz-ftw/ftw-pki-caroot-creator.git
Project-URL: Changelog, https://github.com/fitzz-ftw/ftw-pki-caroot-creator/blob/main/CHANGELOG.md
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Topic :: Software Development :: Build Tools
Classifier: Topic :: Text Processing :: Filters
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Programming Language :: Python :: 3.15
Classifier: Operating System :: OS Independent
Requires-Python: >=3.11
Description-Content-Type: text/markdown
License-File: LICENSE.GPL2
Requires-Dist: ftw-pki-libs
Provides-Extra: doc
Requires-Dist: sphinx<9.0.0; extra == "doc"
Requires-Dist: myst-parser; extra == "doc"
Requires-Dist: sphinx-argparse; extra == "doc"
Requires-Dist: autoclasstoc; extra == "doc"
Requires-Dist: sphinx-nefertiti; extra == "doc"
Requires-Dist: sphinx-copybutton; extra == "doc"
Requires-Dist: sphinx-design; extra == "doc"
Requires-Dist: sphinx-mdinclude; extra == "doc"
Requires-Dist: sphinxcontrib-mermaid; extra == "doc"
Provides-Extra: dev
Requires-Dist: ftw-pki-caroot-creator[doc,lint,test]; extra == "dev"
Requires-Dist: esbonio==0.16.5; extra == "dev"
Provides-Extra: lint
Requires-Dist: ruff; extra == "lint"
Provides-Extra: test
Requires-Dist: pytest; extra == "test"
Requires-Dist: pytest-mock; extra == "test"
Requires-Dist: pytest-cov; extra == "test"
Requires-Dist: ftw-devtools; extra == "test"
Dynamic: license-file

# ftw-pki-caroot-creator

[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
[![License: LGPL v2.1](https://img.shields.io/badge/License-LGPL_v2.1-blue.svg)](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html)
[![Coverage: 100%](https://img.shields.io/badge/coverage-100%25-brightgreen.svg)]

The authoritative Root Certificate Authority (Root CA) creation tool of the **ftw-pki** suite. This repository provides the `ftwpkicaroot` executable, specifically designed for the initial generation of the Root CA.

## 🛠 Features

* **Root CA Initialization:** Dedicated logic to generate the ultimate anchor of trust for the entire PKI infrastructure.
* **Security-First Lifecycle:** Designed as a temporary tool. Once the Root CA is established, this program should be decommissioned to minimize the system's attack surface.
* **Hardened Passphrase Support:** Works in conjunction with `ftw-pki-password` to handle high-entropy passphrases (~80+ characters).
* **Standard Compliance:** Generates X.509 root certificates following strict security profiles.

## 📖 Documentation & Usage

**Note on Security:** This program is intended for the creation of the Root CA only. For ongoing signing operations, a separate, dedicated signing tool is used.

* **Usage:** The `ftwpkicaroot` utility handles the lifecycle of the Root CA's initial setup. Run `ftwpkicaroot --help` for available commands.
* **Post-Setup Recommendation:** After successfully creating and backing up the Root CA, it is highly recommended to uninstall this package and remove the executable from the environment.
* **Technical Manual:** Detailed security considerations and operational guides are located in the `doc/source/` directory.

## 📄 License

This project is licensed under the **LGPL v2.1 (or later)**.

---
© 2026 ftw-pki Contributors
