On 11/27/2018 03:33 PM, Gordon Messmer wrote:
> On 11/25/18 5:35 AM, Alice Wonder wrote:
>> The "free for personal" S/MIME from Comodo didn't work. Browser said
>> it did but there was nothing to export for me to then import. I
>> suspect it is because I used private browser window,
>
> Probably, yes. I've used that service in the past without issue.
>
>> I really don't like the idea of a private key stored in browser
>> anyway. And it never asked for a password to encrypt the private key
>
> Setting a password will protect all of the certificates stored by
> Firefox. Select: Preferences -> Privacy and Security -> Security
> Devices (under Certificates) -> Software Security Device -> Change password
>
> Chrome may have a similar option, but I don't see it and I don't see
> documentation for it.
>
>> nor let me specify key strength (only let me choose between medium and
>> high - I assume high is 4096 but I don't know, it didn't say)
>
> There's very little harm in getting a certificate and examining it to
> find out. You can destroy it later with no ill effect.

I actually went for a more complex scenario, I've created my own CA
complete with CRL.
It's nice because with S/MIME you really want two certs - one for
signing (where ecdsa can be used) and one for when you need to receive
encrypted. And I have multiple e-mail accounts I want to do this with.
Could have done self-signed too but this at least allows me to revoke if
a device like a laptop or phone w/ private key is stolen.
Does mean those who want to confirm my messages have to import my root
key but that's for them to decide.
Web browsers are applications that exist for the explicit purpose of
downloading and executing untrusted code. It does not seem like that is
a very wise environment to use for generating long term cryptography
keys. It really doesn't.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
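
The setup described in the message above (a private CA with a CRL, one signing cert and one encryption cert), sketched with the openssl CLI as an added example; it is not the poster's actual configuration. The names demo-ca and alice@example.org, the RSA-3072 choice for the encryption key and the validity periods are assumptions, and the script works in a throwaway temp directory.

```shell
# Constructed demo: private S/MIME CA, separate signing/encryption certs, CRL-based revocation.
smime_ca_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1; trap 'rm -rf "$d"' EXIT
  mkdir ca && : > ca/index.txt && echo 01 > ca/serial
  cat > ca.cnf <<'EOF'
[ca]
default_ca = demo
[demo]
database = ca/index.txt
new_certs_dir = ca
serial = ca/serial
certificate = ca/ca.crt
private_key = ca/ca.key
default_md = sha256
default_days = 365
default_crl_days = 7
policy = pol
[pol]
commonName = supplied
emailAddress = supplied
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[sign]
keyUsage = critical, digitalSignature
extendedKeyUsage = emailProtection
[encrypt]
keyUsage = critical, keyEncipherment
extendedKeyUsage = emailProtection
EOF
  # Root CA: self-signed, EC P-256 key, allowed to sign certs and CRLs only.
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -config ca.cnf \
    -extensions v3_ca -keyout ca/ca.key -out ca/ca.crt -days 3650 -subj "/CN=demo-ca" 2>/dev/null || exit 1
  for use in sign encrypt; do
    # ECDSA key for signing; RSA key (assumed choice) for the cert others encrypt to.
    [ "$use" = sign ] && alg="ec -pkeyopt ec_paramgen_curve:prime256v1" || alg="rsa:3072"
    openssl req -new -newkey $alg -nodes -config ca.cnf -keyout "$use.key" -out "$use.csr" \
      -subj "/CN=alice $use/emailAddress=alice@example.org" 2>/dev/null &&
      openssl ca -batch -config ca.cnf -extensions "$use" -in "$use.csr" -out "$use.crt" 2>/dev/null || exit 1
  done
  chk() { openssl verify -crl_check -CAfile ca/ca.crt -CRLfile crl.pem "$1" >/dev/null 2>&1 && echo valid || echo rejected; }
  openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null; before=$(chk sign.crt)
  # Device holding the signing key is stolen: revoke only that cert, then reissue the CRL.
  openssl ca -config ca.cnf -revoke sign.crt -crl_reason keyCompromise 2>/dev/null
  openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
  echo "$before $(chk sign.crt) $(chk encrypt.crt)"  # sign before, sign after, encrypt after
)
smime_ca_demo
```

Revocation only takes effect for recipients who fetch the current CRL and check it, which is why the verification step passes `-crl_check` explicitly.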