ftw-pki-caroot-creator 0.0.3a1

A specialized tool for automated and deterministic Root CA creation within the FTW PKI ecosystem.

ftw-pki-caroot-creator

[]

The authoritative Root Certificate Authority (Root CA) creation tool of the ftw-pki suite. This repository provides the ftwpkicaroot executable, specifically designed for the initial generation of the Root CA.

🛠 Features

• Root CA Initialization: Dedicated logic to generate the ultimate anchor of trust for the entire PKI infrastructure.
• Security-First Lifecycle: Designed as a temporary tool. Once the Root CA is established, this program should be decommissioned to minimize the system's attack surface.
• Hardened Passphrase Support: Works in conjunction with ftw-pki-password to handle high-entropy passphrases (~80+ characters).
• Standard Compliance: Generates X.509 root certificates following strict security profiles.

📖 Documentation & Usage

Note on Security: This program is intended for the creation of the Root CA only. For ongoing signing operations, a separate, dedicated signing tool is used.

• Usage: The ftwpkicaroot utility handles the lifecycle of the Root CA's initial setup. Run ftwpkicaroot --help for available commands.
• Post-Setup Recommendation: After successfully creating and backing up the Root CA, it is highly recommended to uninstall this package and remove the executable from the environment.
• Technical Manual: Detailed security considerations and operational guides are located in the doc/source/ directory.

📄 License

This project is licensed under the LGPL v2.1 (or later).

---

© 2026 ftw-pki Contributors