Re: [OT] Where to buy S/MIME ??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 11/27/2018 03:33 PM, Gordon Messmer wrote:
On 11/25/18 5:35 AM, Alice Wonder wrote:
The "free for personal" S/MIME from Comodo didn't work. Browser said it did but there was nothing to export for me to then import. I suspect it is because I used private browser window,


Probably, yes.  I've used that service in the past without issue.


I really don't like the idea of a private key stored in browser anyway. And it never asked for a password to encrypt the private key


Setting a password will protect all of the certificates stored by Firefox.  Select: Preferences -> Privacy and Security -> Security Devices (under Certificates) -> Software Security Device -> Change password

Chrome may have a similar option, but I don't see it and I don't see documentation for it.\


nor let me specify key strength (only let me choose between medium and high - I assume high is 4096 but I don't know, it didn't say)


There's very little harm in getting a certificate and examining it to find out.  You can destroy it later with no ill effect.



I actually went for a more complex scenario, I've created my own CA complete with CRL.

It's nice because with S/MIME you really want two certs - one for signing (where ecdsa can be used) and one for when you need to receive encrypted. And I have multiple e-mail accounts I want to do thus with.

Could have done self-signed too but this at least allows me to revoke if a device like laptop or phone w/ private key is stolen.

Does mean those who want to confirm my messages have to import my root key but that's for them to decide.

Web browsers are applications that exist for the explicit purpose of downloading and executing untrusted code. It does not seem like that is a very wise environment to use for generating long term cryptography keys. It really doesn't.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux