From a2ae82477dfb413e7151aef15403440fc43bba94 Mon Sep 17 00:00:00 2001
From: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>
Date: Sat, 4 May 2019 16:48:46 +0200
Subject: [PATCH 1/2] Add x509-type for email certificates

---
 easyrsa3/x509-types/email | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 easyrsa3/x509-types/email

diff --git a/easyrsa3/x509-types/email b/easyrsa3/x509-types/email
new file mode 100644
index 0000000..ccd6b13
--- /dev/null
+++ b/easyrsa3/x509-types/email
@@ -0,0 +1,8 @@
+# X509 extensions for email
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = emailProtection
+keyUsage = digitalSignature,keyEncipherment
+

From d228fbc79659d63586a4d2e7f07c5c0c1ce046d1 Mon Sep 17 00:00:00 2001
From: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>
Date: Mon, 6 May 2019 23:52:55 +0200
Subject: [PATCH 2/2] Set nonRepudiation bit for email certificates

---
 easyrsa3/x509-types/email | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/easyrsa3/x509-types/email b/easyrsa3/x509-types/email
index ccd6b13..7daa88e 100644
--- a/easyrsa3/x509-types/email
+++ b/easyrsa3/x509-types/email
@@ -4,5 +4,5 @@ basicConstraints = CA:FALSE
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
 extendedKeyUsage = emailProtection
-keyUsage = digitalSignature,keyEncipherment
+keyUsage = digitalSignature,keyEncipherment,nonRepudiation