Orange colored text describes functional differences in previous 3.x releases
...
The key store file must be in either of the following two formats:
- PKCS#7 (recommended)
  This format is a common format used to export and transmit public certificates. It can hold multiple certificates and is therefore often referred to as a p7 bundle – hence the commonly used file suffix p7b. It is defined in RFC 2315. Note that the file needs to be in DER encoded (binary) format.
- BouncyCastle
  This format is usually represented by a file suffix of bks. It is supported mainly for backward compatibility reasons. The key store must be a BKS type BouncyCastle key store. For details on how to create such a key store, please refer to S/MIME.
...
Attribute | Format | Reference |
---|---|---|
userSMIMECertificate | PKCS#7 (p7m) signed message format with single certificate or certificate chain | RFC 2315: PKCS #7: Cryptographic Message Syntax |
userCertificate | DER binary (base-64 encoded) or PEM (ascii encoded) single X.509 certificate | RFC 4523: LDAP Schema Definitions for X.509 Certificates |
...
S/Notify can optionally search for S/MIME certificates on an external LDAP server (outside Jira's configuration).
Info: Note that, in order to retrieve a user's S/MIME certificate, their email address needs to be sent to the server. If the LDAP server is outside your company's own infrastructure, you may be required to inform your users about this use of their email address, depending on your and/or your users' jurisdiction. Legislation around personally identifiable information (PII) varies across different jurisdictions (GDPR, HIPAA, PCI etc.), so please check what applies in your case.
Hostname
The domain of the LDAP server, excluding the protocol part.
...
The key store file must be in either of the following two formats:
- ASCII-Armored
  This format is a common format used to export and transmit public keys. It is, as the name implies, encoded fully in ASCII. Usual file endings are: asc, txt
- PGP Binary
  PGP binary file format. Usual file endings are: pgp, gpg, pkr
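The following pre-upload check is an added example, not part of the S/Notify documentation or code. It classifies a key store file by its leading bytes, covering the DER requirement for PKCS#7 bundles in the S/MIME section and the two PGP encodings listed above. The function names and labels are hypothetical, and BKS key stores are not detected.

```python
import base64

# DER bytes of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData), the content
# type of a certificate-only p7b bundle.
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")
# Encodings the page lists per key store. BKS (also accepted for S/MIME)
# is not detected by this sketch.
ACCEPTED = {"smime": {"pkcs7-der"}, "pgp": {"pgp-armored", "pgp-binary"}}

def classify_key_store(data: bytes) -> str:
    """Label a key store file by its leading bytes only (no full parse)."""
    text = data.lstrip()
    if text.startswith(b"-----BEGIN PGP PUBLIC KEY BLOCK-----"):
        return "pgp-armored"
    if text.startswith(b"-----BEGIN PKCS7-----"):
        return "pkcs7-pem"      # right content, wrong encoding: convert to DER
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        return "x509-pem"       # a bare certificate, not a PKCS#7 bundle
    if len(data) < 2:
        return "unknown"
    first, length = data[0], data[1]
    if first == 0x30 and length != 0x80:    # DER SEQUENCE, definite length
        body = 2 if length < 0x80 else 2 + (length & 0x7F)
        if data[body:body + len(OID_SIGNED_DATA)] == OID_SIGNED_DATA:
            return "pkcs7-der"
    if first & 0x80:            # OpenPGP packet header (RFC 4880, 4.2)
        tag = first & 0x3F if first & 0x40 else (first & 0x3C) >> 2
        if tag == 6:            # Public-Key packet starts a public key
            return "pgp-binary"
    return "unknown"

def accepted_for(store: str, data: bytes) -> bool:
    """True if the detected encoding is one the page lists for `store`."""
    return classify_key_store(data) in ACCEPTED[store]

if __name__ == "__main__":
    # Constructed samples: headers only, not complete bundles or keys.
    der = bytes.fromhex("30820100") + OID_SIGNED_DATA + b"\xa0\x81\xf1"
    pem = b"-----BEGIN PKCS7-----\n" + base64.b64encode(der) + b"\n"
    samples = {"bundle.p7b": ("smime", der), "bundle.pem": ("smime", pem),
               "keys.asc": ("pgp", b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),
               "keys.gpg": ("pgp", b"\x99\x01\x0d\x04")}
    for name, (store, blob) in samples.items():
        print(name, classify_key_store(blob), accepted_for(store, blob))
```

A `pkcs7-pem` result means the bundle has the right content but still needs converting to DER before it is used as the S/MIME key store.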
...
In this section of the S/Notify configuration settings, you can provide a URL to a PGP key server that will be searched for PGP keys to encrypt with.
Info: Note that, in order to retrieve a user's PGP key, their email address needs to be sent to the server. If the key server is outside your company's own infrastructure, you may be required to inform your users about this use of their email address, depending on your and/or your users' jurisdiction. Legislation around personally identifiable information (PII) varies across different jurisdictions (GDPR, HIPAA, PCI etc.), so please check what applies in your case.
Key server location
Provide the URL to an HKP or LDAP key server. Use this setting to administer PGP keys centrally instead of requiring each user to provide his or her own PGP key.
...