E-Mail

There are various options for using electronic signatures and encryption for e-mail, depending on which software you are used to. Some prefer convenient e-mail clients on a PC (e.g. Microsoft Outlook, Mozilla Thunderbird) or on a mobile device (e.g. K-9 Mail); others prefer to work with webmail directly in the web browser.

Microsoft Outlook

A convenient way of using e-mail encryption and electronic e-mail signature on the PC is to use the e-mail client Microsoft Outlook.

Requirements

Configuration

The Microsoft Windows operating system stores user certificates in a central location, the Cryptographic Service Provider. Microsoft Outlook expects user certificates there, so first check whether your user certificate is present:

  • Control Panel / Internet Options / Tab: Contents / Certificates / Tab: Own Certificates

The requested personal user certificate should be shown here. If this is not the case (e.g. because you did not apply for the user certificate using Microsoft Internet Explorer), you must first import the backup file created under User Certificates using the “Import …” button.
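
The same check can be made from PowerShell. This is an added example, not part of the original page; the function name `Find-SmimeCertificate` and the address `user@example.org` are placeholders chosen here. It reads the current user's personal certificate store (the store shown on the "Own Certificates" tab) and reports whether each matching certificate has a private key, is within its validity period, and is permitted for e-mail signing and encryption.

```powershell
# Added example: look for an S/MIME-capable certificate in the current user's
# personal store (Cert:\CurrentUser\My). Function name and address are placeholders.
function Find-SmimeCertificate {
    param([Parameter(Mandatory)][string]$EmailAddress)

    $secureEmailOid = '1.3.6.1.5.5.7.3.4'   # extended key usage "Secure Email"
    $emailName = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName
    $usage     = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
    $now       = Get-Date

    foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
        # Only certificates issued for the given address (comparison is case-insensitive).
        if ($cert.GetNameInfo($emailName, $false) -ne $EmailAddress) { continue }

        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $ku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }

        # A certificate without an EKU extension is not restricted to specific purposes.
        $ekuOids = @()
        if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

        [pscustomobject]@{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            Thumbprint     = $cert.Thumbprint
            NotAfter       = $cert.NotAfter
            InValidity     = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
            # Without the private key Outlook can neither sign nor decrypt.
            HasPrivateKey  = $cert.HasPrivateKey
            SecureEmailEku = (-not $eku) -or ($ekuOids -contains $secureEmailOid)
            CanSign        = (-not $ku) -or $ku.KeyUsages.HasFlag($usage::DigitalSignature)
            CanEncrypt     = (-not $ku) -or $ku.KeyUsages.HasFlag($usage::KeyEncipherment)
        }
    }
}

$found = @(Find-SmimeCertificate -EmailAddress 'user@example.org')   # placeholder address
if (-not $found) {
    Write-Warning 'No matching certificate in the personal store; import the backup file first.'
}
$found | Format-List
```

A result with `HasPrivateKey` set to `False` usually means that only the public certificate was imported and not the backup file containing the key.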

In the second step, Microsoft Outlook needs to know which certificate should be used and how:

  • File / Options / Trust Center / Trust Center Settings … / Email Security
  • Encrypted Email Messages Section
    • Of the 4 checkboxes, activate only “Send signed messages as plain text”.
    • Select the button “Settings …”
      • Security setting name: DFN-PKI (<your email address>)
      • Cryptographic format: S/MIME
      • The default setting for this cryptographic message format: Enabled
      • Default setting for all cryptographic messages: Enabled
      • Certificates and algorithms
        • Signature certificate / Select … / Select your personal user certificate here.
        • Encryption certificate / Select … / Select your personal user certificate here.
        • Add these certificates to signed messages: Enabled
  • Confirm your entries by clicking the “OK” button several times until you are back in the main Outlook window.

In the third step, Microsoft Outlook should be set up for the convenient use of digital signature and encryption:

  • In Microsoft Outlook, click on “New E-Mail” and then on the “Options” tab
  • Right-click “Sign” and choose “Add to Quick Access Toolbar”
  • Right-click “Encrypt” and choose “Add to Quick Access Toolbar”
  • Close the window again

You have now carried out all the necessary steps to sign every email. If you have the public key of your communication partner, you can also encrypt every email.

Use

Digital signing

Principle: You use your private key to sign your email. The communication partner can then use your public key to verify that the data is unchanged.

  • In Outlook, click on “New E-Mail” and compose it.
  • Before sending, click on “digitally sign message” in the Quick Access Toolbar at the top
  • As soon as you click “Send”, the email is digitally signed and then sent
  • The communication partner sees the ribbon symbol as a sign of a digitally signed e-mail

Encrypt

Principle: You encrypt your email with the communication partner's public key. The communication partner can then decrypt the email using their private key.

For encryption, you must first have the public key of the communication partner:

  • Have your communication partner send you a digitally signed email.
  • Add the communication partner to your Outlook contacts so that their public key is saved in your system
  • In Outlook, click on “New E-Mail” and compose it.
  • Before sending, click on “Encrypt” in the Quick Access Toolbar at the top
  • As soon as you click “Send”, the email is encrypted and then sent
  • The communication partner sees the lock symbol as a sign of an encrypted e-mail