840279 - please add -nokeys to the S/MIME export example

Status: RESOLVED FIXED

(bugzilla.mozilla.org :: Extensions, defect)

Description

[Daniel Veditz [:dveditz]]

The SecureMail help page cautions people not to use the private key part of the exported PEM file, but it's safer if they don't even export that in the first place. Please change the example openssl command line to

   openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes -nokeys

... that is, add the -nokeys argument.

Then you can drop the warnings about the .pem file containing the private key, it's safe to leave the file around at that point since it's all public data.

Comment 1

[Daniel Veditz [:dveditz]]

The page URL is  https://bugzilla.mozilla.org/page.cgi?id=securemail/help.html
(in case the URL field gets changed, plus easier to find in a comment sometimes).

Comment 2

[Gervase Markham [:gerv]]

Attachment: Patch v.1

Good idea. Will this do?

Gerv

Comment 3

[Daniel Veditz [:dveditz]]

Comment on attachment 712840 [details] [diff] [review]
Patch v.1

that works, r=dveditz

Comment 4

[Gervase Markham [:gerv]]

Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/extensions/securemail/4.0/   
modified template/en/default/pages/securemail/help.html.tmpl
Committed revision 25

glob/dkl: can you pull this change into the relevant bmo branches?

Gerv

Comment 5

[David Lawrence [:dkl]]

Done

Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.0             
modified extensions/SecureMail/template/en/default/pages/securemail/help.html.tmpl
Committed revision 8479

Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.2             
modified extensions/SecureMail/template/en/default/pages/securemail/help.html.tmpl
Committed revision 8547

dkl