The use of certificates in e-mail communications
So-called S/MIME certificates serve two purposes in e-mail communications:
- Identification of the originator
- Preventing unauthorized access to the content
Originator identification:
The originator address in an e-mail can be easily fabricated. Certificates can be used to make the originator more trustworthy.
Certificates can be used to electronically sign an e-mail. The recipient’s e-mail program can then determine if the e-mail address and the electronic signature is trustworthy, so long as the owner of the e-mail address adheres to a couple of rules (see below).
Outlook marks e-mails containing a valid signature with "Signierte E-Mail":
Thunderbird marks e-mails containing a valid signature with a sealed envelope.
By clicking on the envelope you can see the e-mailadress belonging to the certificate.
Please verifiy if it is identlcal to the senders e-mailadress.
Concealing the communications content from unauthorized persons
Certificates can be used to encrypt the content in an e-mail so that only an authorized recipient is able to read it. The e-mail address of the communications partner, plus the subject line of the e-mail, are not encrypted.
Any member of the university can apply for a certificate to use with a TUM e-mail address. This is highly recommended for members of the university who frequently handle confidential information (exam results, employee data). [1].
A certificate consists of a public and private key. [2].
To ensure the verifiability and trustworthiness of the certificates as explained above, the owner of the certificate must make sure that the private key is known only to him or her.
The public key should be distributed as widely as possible however, because the only way to send an encrypted e-mail is if the public key is known to both the originator and the recipient. The quickest way to make the public key known is to digitally sign each e-mail that is sent (this can be preconfigured in the e-mail program settings). The public key is then automatically forwarded.
[1] Information about how to apply is available at: http://www.it.tum.de/en/certificates/
[2] Related and other background information can be found at https://en.wikipedia.org/wiki/Public-key_cryptography