BMO/Keys

From MozillaWiki

Bugzilla considers certain groups as "secure". If a bug is in one of those groups, Bugzilla will not send unencrypted email about it. If you are a member of one of those groups, Bugzilla will not send you unencrypted password reset email. To receive encrypted email rather than just a "something changed" placeholder, you must provide either an S/MIME or a GPG/PGP key on the SecureMail preferences tab.

S/MIME

  • S/MIME Keys must be in PEM format - i.e. Base64-encoded text, with BEGIN CERTIFICATE.

You can get a free S/MIME certificate for your Bugzilla email address from StartCom. Once you have it, export it from your browser as a .p12 file and import it into your mail client. You'll need to provide a password when you export - pick a strong one, and then back up this file somewhere safe.

Then, you need to convert it to a .pem file. If you have OpenSSL installed, one way is as follows:

openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes

Open the .pem file in a text editor. You can recognise the public key (your certificate) because it starts with "BEGIN CERTIFICATE", ends with "END CERTIFICATE" and has an appropriate friendly name (e.g. "StartCom Free Certificate Member's StartCom Ltd. ID"). Copy the whole block, including the BEGIN and END delimiter lines. It is not the section beginning "BEGIN RSA PRIVATE KEY", and it is not any of the intermediate certificates or root certificates.

Note: the .pem file has your private key in plaintext. Delete it once you have copied the public key out of it!
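As an added example (not part of the original wiki page and not Bugzilla's own code), this Python script picks the right block out of certificate.pem instead of relying on the friendly name: it pairs the certificate with the private key through the localKeyID attribute that OpenSSL prints above each block, and checks that the text to be pasted contains no private key. It assumes the bundle carries localKeyID attributes; the sample bundle is constructed with fake bodies, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like `openssl pkcs12 -nodes` output; bodies are fake.
SAMPLE = """\
Bag Attributes
    friendlyName: Example Member ID
    localKeyID: 01 02 03 04
-----BEGIN CERTIFICATE-----
TEVBRi1DRVJULUJPRFk=
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
-----BEGIN CERTIFICATE-----
SU5URVJNRURJQVRFLUNB
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 01 02 03 04
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
RkFLRS1QUklWQVRFLUtFWQ==
-----END RSA PRIVATE KEY-----
"""

BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n.*?\n-----END \1-----", re.S)
KEY_ID = re.compile(r"localKeyID:\s*([0-9A-Fa-f ]+)")

def parse_bags(text):
    """Return (label, localKeyID or None, pem_block) for each PEM block."""
    text, bags, pos = text.replace("\r\n", "\n"), [], 0
    for m in BLOCK.finditer(text):
        kid = KEY_ID.search(text[pos:m.start()])  # attributes precede the block
        bags.append((m.group(1), kid.group(1).strip().upper() if kid else None, m.group(0)))
        pos = m.end()
    return bags

def leaf_certificate(text):
    """Pick the one certificate whose localKeyID matches the private key's."""
    bags = parse_bags(text)
    key_ids = {kid for label, kid, _ in bags if label.endswith("PRIVATE KEY") and kid}
    leaves = [pem for label, kid, pem in bags if label == "CERTIFICATE" and kid in key_ids]
    if len(leaves) != 1:
        raise ValueError(f"expected 1 certificate paired with the key, found {len(leaves)}")
    return leaves[0] + "\n"

def safe_to_paste(text):
    """True only for a single CERTIFICATE block with no private key material."""
    return [b[0] for b in parse_bags(text)] == ["CERTIFICATE"] and "PRIVATE KEY" not in text

if __name__ == "__main__":
    print(leaf_certificate(SAMPLE), end="")
```

To use it on a real export, pass the contents of certificate.pem to leaf_certificate() and confirm safe_to_paste() returns True on the result before pasting it into the SecureMail field.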

GPG/PGP

  • PGP keys must be ASCII-armoured - i.e. text, with BEGIN PGP PUBLIC KEY.

To create your own public key, if you do not yet have one, do the following:

1. Install the GPG suite of utilities for your operating system.

http://www.gnupg.org/download/index.en.html

2. Generate a private key.

gpg --gen-key

You’ll have to answer several questions:

  • What kind and size of key you want; the defaults are probably good enough.
  • How long the key should be valid; you can safely choose a non-expiring key.
  • Your real name and e-mail address; these are necessary for identifying your key in a larger set of keys.
  • A comment for your key; the comment can be empty.
  • A passphrase. Whatever you do, don’t forget it! Your key, and all your encrypted files, will be useless if you do.

3. Generate an ASCII version of your public key.

gpg --armor --output pubkey.txt --export 'Your Name'

Paste the contents of pubkey.txt into the SecureMail text field in Bugzilla. You will need to configure your email client to use your associated private key to decrypt the encrypted emails from Bugzilla.

Further reading: http://www.madboa.com/geek/gpg-quickstart/