Certificates

The use of certificates in e-mail communications

 

So-called S/MIME certificates serve two purposes in e-mail communications:

• Identification of the originator
• Preventing unauthorized access to the content

Originator identification:

The originator address in an e-mail can be easily fabricated. Certificates can be used to make the originator more trustworthy.

Certificates can be used to electronically sign an e-mail. The recipient’s e-mail program can then determine if the e-mail address and the electronic signature is trustworthy, so long as the owner of the e-mail address adheres to a couple of rules (see below).

Outlook marks e-mails containing a valid signature with "Signierte E-Mail":

Concealing the communications content from unauthorized persons

Certificates can be used to encrypt the content in an e-mail so that only an authorized recipient is able to read it. The e-mail address of the communications partner, plus the subject line of the e-mail, are not encrypted.

Guidelines for using certificates

Any member of the university can apply for a certificate to use with a TUM e-mail address. This is highly recommended for members of the university who frequently handle confidential information (exam results, employee data). [1].

A certificate consists of a public and private key. [2].

To ensure the verifiability and trustworthiness of the certificates as explained above, the owner of the certificate must make sure that the private key is known only to him or her.

The public key should be distributed as widely as possible however, because the only way to send an encrypted e-mail is if the public key is known to both the originator and the recipient. The quickest way to make the public key known is to digitally sign each e-mail that is sent (this can be preconfigured in the e-mail program settings). The public key is then automatically forwarded.