My final degree project, alive again — a decade later.
gnoMint is a visual X.509 Certification Authority (CA) manager for GNU/Linux. I started it in 2004 as my final degree project; it reached its last stable release in 2016 (1.3.0 “Sha Sha dance”) and then went on hiatus. In May 2026 I published 1.4.0 “Lazarus”, which integrates a decade of community patches from the Debian downstream, modernises the build, adds an automated test suite, supports Y2K38, and brings several new features.
What it does
- Create and manage Certification Authorities, root or intermediate, with per-CA configurable policies.
- Generate CSRs (Certificate Signing Requests), sign them and issue the resulting certificates.
- Import and export in PEM, PKCS#12 and PKCS#8 formats, with optional encryption of private keys.
- Subject Alternative Names (SANs) supported across the workflow: editor when creating a CA or CSR, display in property dialogs, parsing of existing certificates.
- Revocation lists (CRLs): generate, export, and revoke individual certificates or whole CAs.
- Storage in SQLite databases (
.gnomint), one per CA. Compliant with the XDG Base Directory Specification. - Two interfaces, one codebase: GTK 3 GUI (
gnomint) and readline CLI (gnomint-cli) sharing most of the source. - SHA-512 by default, SHA-256 available. Y2K38-safe:
time_tforced to 64-bit even on 32-bit systems. - Internationalised in 13 languages via gettext.
Technology
C + GTK 3 + GnuTLS + libgcrypt + SQLite 3, built with autotools. Test suite with a static GtkBuilder .ui consistency checker and a runtime GUI workflow regression test running under a headless Wayland compositor. Devcontainer and GitHub Actions configured for reproducible builds.
Status and downloads
Current version: 1.4.0 “Lazarus” (2026.05.19). Source code and releases at github.com/davefx/gnoMint. Historical project page at gnomint.sourceforge.net. Licence: GPL.