User Settings - S/Notify for Confluence
User Profile
Users can display and optionally manage their own public S/MIME certificate and/or PGP key that is used for encrypting emails sent to them.
Email Security
In each user's profile, S/Notify adds a section for Email Security that displays information about the selected S/MIME certificate and/or PGP key, if available yet. To display the S/Notify section in the user profile, select Profile from the user menu (top right), then click on Settings at the top, and finally select Email Security on the left.
The field Origin provides information about how the certificate or key has been provided – from the user or the key store, key server, or LDAP server.
Note that certificates and keys are retrieved only when they are needed to encrypt an outgoing email, so the information displayed here will not be available until then.
When S/Notify has been configured in Encryption Settings to allow user override, users can upload their own S/MIME certificate and/or PGP key from here.
Note that, if S/Notify has been configured to use S/MIME only or PGP only, the respective other option is hidden from the user profile.
S/MIME
If S/MIME is selected, this section displays information about the user's S/MIME certificate.
To upload an S/MIME certificate, make sure you select S/MIME, then provide an S/MIME certificate file in PEM or DER format to upload.
PEM is a base-64 encoded text format, while DER is a binary format. Suitable certificate files usually have on of the following file name suffixes: pem, der, cer, crt. A file name suffix p12 is not suitable – this is used to export private certificates which we do not want in this case.
Note that only the user's public certificate key is required. Therefore, it does not induce any security risk to upload the public certificate key.
PGP
If PGP is selected, this section displays information about the user's PGP key.
To upload a PGP key, make sure you select PGP, then provide a PGP key file in ASCII-armored or GPG binary export format (usually having file suffix asc and gpg, respectively).
Note that only the user's public key is required. Therefore, it does not induce any security risk to upload the public PGP key.