[%#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla SecureMail Extension.
#
# The Initial Developer of the Original Code is the Mozilla Foundation.
# Portions created by Mozilla are Copyright (C) 2008 Mozilla Foundation.
# All Rights Reserved.
#
# Contributor(s): Max Kanat-Alexander
In addition, if you have uploaded a S/MIME or GPG/PGP key using the
SecureMail preferences tab, if you request your password to be reset, [% terms.Bugzilla %] will send the reset email encrypted and you will
be required to decrypt it to view the reset instructions.
S/MIME
S/MIME Keys must be in PEM format - i.e. Base64-encoded text, with the first line containing BEGIN CERTIFICATE.
S/MIME certificates can be obtained from a number of providers. You can get a free one from StartCom. Once you have it, export it from your browser as a .p12 file and import it into your mail client. You'll need to provide a password when you export - pick a strong one, and then back up the .p12 file somewhere safe.
Then, you need to convert it to a .pem file. If you have OpenSSL installed, one way is as follows:
openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes
Open the .pem file in a text editor. You can recognise the public key because it starts "BEGIN CERTIFICATE" and ends "END CERTIFICATE" and has an appropriate friendly name (e.g. "StartCom Free Certificate Member's StartCom Ltd. ID"). It is not the section beginning "BEGIN RSA PRIVATE KEY", and it is not any of the intermediate certificates or root certificates.
Note: the .pem file has your private key in plaintext. Delete it once you have copied the public key out of it!
If you already have your own PGP key in a keyring, skip straight to step 3. Otherwise:
Generate a private key.
gpg --gen-key
You’ll have to answer several questions:
Generate an ASCII version of your public key.
gpg --armor --output pubkey.txt --export 'Your Name'
Paste the contents of pubkey.txt into the SecureMail text field in [% terms.Bugzilla %].
Further reading: GPG Quickstart. [% PROCESS global/footer.html.tmpl %]