
E-Mail

There are different ways to use electronic signatures and encryption for e-mail, depending on the software one is used to. Some prefer full-featured e-mail clients on the computer (e.g. Microsoft Outlook, Mozilla Thunderbird) or mobile clients (e.g. K-9 Mail); others work with webmail in a web browser.

Microsoft Outlook

A convenient way to use e-mail encryption and electronic e-mail signatures on the computer is the e-mail client Microsoft Outlook.

Requirements

Configuration

The operating system Microsoft Windows saves user certificates in a centralised location, the Cryptographic Service Provider. Microsoft Outlook expects user certificates at this exact location, so it is necessary to check whether the user certificate exists there:

  • Control Panel / Internet Options / Tab: Content / Certificates / Tab: Personal

Here, the personal user certificate that has been applied for should be visible. In case it is not (e.g. because you have not applied for the user certificate with Internet Explorer), you will need to import the backup file created under User Certificates by clicking the button “Import”.
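The same check can be scripted. The following is an added example, not part of the original instructions: it reads the current user's personal certificate store (`Cert:\CurrentUser\My`, the store shown on the “Personal” tab) and reports which certificates are usable for S/MIME. The function name `Get-SmimeCertificateStatus` is hypothetical, and the script assumes Windows PowerShell 5 or later and an RSA key.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example (hypothetical helper name): report which certificates in the
# current user's personal store are usable for S/MIME signing and encryption.
function Get-SmimeCertificateStatus {
    $secureEmailOid = '1.3.6.1.5.5.7.3.4'   # "Secure Email" extended key usage
    $now = Get-Date

    foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
        $eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
        $ku  = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }

        # A missing extension places no restriction on the certificate's use.
        $emailOk = (-not $eku) -or
                   (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $secureEmailOid)
        $canSign = (-not $ku) -or $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::DigitalSignature)
        # KeyEncipherment is the relevant bit for RSA keys (assumption: RSA certificate).
        $canEncrypt = (-not $ku) -or $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyEncipherment)
        $inValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

        # Outlook needs the private key for both settings: to sign outgoing
        # mail and to decrypt mail that others encrypt to this certificate.
        $usable = $cert.HasPrivateKey -and $emailOk -and $inValidity

        [pscustomobject]@{
            Email               = $cert.GetNameInfo([X509NameType]::EmailName, $false)
            Issuer              = $cert.GetNameInfo([X509NameType]::SimpleName, $true)
            NotAfter            = $cert.NotAfter
            HasPrivateKey       = $cert.HasPrivateKey
            UsableForSigning    = $usable -and $canSign
            UsableForEncryption = $usable -and $canEncrypt
            Thumbprint          = $cert.Thumbprint
        }
    }
}

Get-SmimeCertificateStatus | Format-Table -AutoSize
```

If no row shows your e-mail address, or the row shows `HasPrivateKey` as `False`, the certificate still has to be imported from the backup file as described above.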

In the next step, Microsoft Office needs to know which certificate is supposed to be used in which way:

  • File / Options / Trust Center / Trust Center Settings… / E-mail Security
  • Section “Encrypted E-Mail Messages”
    • Activate only “Send signed messages as clear text” out of the four checkboxes.
    • Select the button “Settings…”
      • Name of the Security Setting: DFN-PKI (<Your e-mail address>)
      • Cryptography Format: S/MIME
      • Standard Settings for this format of cryptographic messages: Active
      • Standard Settings for all cryptographic messages: Active
      • Certificates and algorithms
        • Signature certificate / Select… / Here, select your personal user certificate.
        • Encryption algorithm / Select… / Here, select your personal user certificate.
        • Add these certificates to signed messages: Active
  • Confirm your entry by repeatedly clicking “OK”, until you are once again on the main screen of Outlook.

In the third and last step, Microsoft Outlook should be set up for the convenient use of digital signatures and encryption:

  • When in Microsoft Outlook, click on “New E-Mail” and then on the “Options” tab
  • With the right mouse button, click on “Sign” and select “Add to Quick Access Toolbar”
  • With the right mouse button, click on “Encrypt” and select “Add to Quick Access Toolbar”
  • Close the window

Use

Digital Signing

Principle: You sign your e-mail with the aid of your private key. The communication partner is then able to use your public key to check whether the data is unchanged.

  • When Outlook is opened, click on “New E-Mail” and write one.
  • Before sending it, click on “Sign message digitally” in the Quick Access Toolbar above.
  • As soon as you click “Send”, the e-mail will be signed digitally and then sent.
  • The communication partner will see the digitally signed e-mail marked with a ribbon symbol.

Encrypting

Principle: You encrypt your e-mail with the aid of the public key of your communication partner. Your communication partner is then able to decrypt the e-mail with his / her private key.

Hence, you need to have the public key of your communication partner in order to execute encryption:

  • Ask your communication partner to send a digitally signed e-mail to you.
  • Add this communication partner to your Outlook contacts. This way, his / her public key is saved in your system.
  • When Outlook is started, click on “New E-Mail” and write one.
  • Before sending it, click on “Encrypt” in the Quick Access Toolbar above.
  • As soon as you click “Send”, the e-mail will be encrypted and then sent.
  • The communication partner will see the encrypted e-mail marked with a lock symbol.