Metadata-Version: 2.4
Name: ftw-pki-caroot-signer
Version: 0.0.3a1
Summary: A specialized tool for signing Root CA certificates within the FTW PKI ecosystem.
Author-email: Fitzz TeXnik Welt <FitzzTeXnikWelt@t-online.de>
Maintainer-email: Fitzz TeXnik Welt <FitzzTeXnikWelt@t-online.de>
License-Expression: LGPL-2.1-or-later
Project-URL: Homepage, https://github.com/fitzz-ftw/ftw-pki-caroot-signer
Project-URL: Documentation, https://ftw-pki-caroot-signer.readthedocs.io/
Project-URL: Repository, https://github.com/fitzz-ftw/ftw-pki-caroot-signer.git
Project-URL: Issues, https://github.com/fitzz-ftw/ftw-pki-caroot-signer/issues
Project-URL: Changelog, https://github.com/fitzz-ftw/ftw-pki-caroot-signer/blob/main/CHANGELOG.md
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Programming Language :: Python :: 3.15
Classifier: Topic :: Security
Requires-Python: >=3.11
Description-Content-Type: text/markdown
Requires-Dist: ftw-pki-libs
Provides-Extra: doc
Requires-Dist: sphinx<9.0.0; extra == "doc"
Requires-Dist: myst-parser; extra == "doc"
Requires-Dist: sphinx-argparse; extra == "doc"
Requires-Dist: autoclasstoc; extra == "doc"
Requires-Dist: sphinx-nefertiti; extra == "doc"
Requires-Dist: sphinx-copybutton; extra == "doc"
Requires-Dist: sphinx-design; extra == "doc"
Requires-Dist: sphinx-mdinclude; extra == "doc"
Requires-Dist: sphinxcontrib-mermaid; extra == "doc"
Provides-Extra: dev
Requires-Dist: ftw-pki-caroot-signer[doc,lint,test]; extra == "dev"
Requires-Dist: esbonio==0.16.5; extra == "dev"
Provides-Extra: lint
Requires-Dist: ruff; extra == "lint"
Provides-Extra: test
Requires-Dist: pytest; extra == "test"
Requires-Dist: pytest-mock; extra == "test"
Requires-Dist: pytest-cov; extra == "test"
Requires-Dist: ftw-devtools; extra == "test"

# ftw-pki-caroot-signer

[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
[![License: LGPL v2.1](https://img.shields.io/badge/License-LGPL_v2.1-blue.svg)](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html)
[![Coverage: 100%](https://img.shields.io/badge/coverage-100%25-brightgreen.svg)]

A specialized signing utility within the **ftw-pki** suite, dedicated to the Root CA signing process.

## 🛠 Features

* **Intermediate Issuance:** Strictly designed to sign Intermediate CAs. It does not support signing leaf certificates (end-entities).
* **Root Authority Integration:** Built to operate with the Root CA structures managed by `ftw-pki-caroot`.
* **Standard Enforcement:** Ensures that all issued intermediate certificates comply with the required X.509 extensions and security profiles.

## 📖 Documentation & Usage

The `ftwpkicarootsigner` is the primary tool for establishing the second tier of the PKI hierarchy.

* **Usage:** Processes CSRs provided by the intermediate component. Run `ftwpkicarootsigner --help` for available commands and options.
* **Operational Security:** This tool requires access to the Root CA private key and should be operated according to your organization's security policy.
* **Technical Details:** Further information on the signing logic is available in the `doc/source/` directory.

## 📄 License

This project is licensed under the **LGPL v2.1 (or later)**.

---
© 2026 ftw-pki Contributors
