You can use an X.509 certificate to sign and encrypt files, among other things.
First of all, you have to install a suitable certificate management software on your PC. Here, for example, software with the name “Kleopatra” offers itself. Kleopatra is free (in the sense of freedom), open-source and at the same time free software.
First of all, you have to import the 2 complete, issuing certification chains of the DFN-PKI for the Jade University in Kleopatra. You can find the required files within the university in the PC network system and outside the university via the WebFiler at
To do this, import the following files under the Kleopatra menu item “File / Import” in this order:
In the end, close all tabs with the name “Imported Certificates”. Just leave the “All certificates” card open.
Certificate Revocation List (CRL)
Certificate revocation lists are not currently supported, so you have to turn off the check:
In the further process, you have to import your X.509 certificate using the certificate file created under user certificates (section Backup):
To do this, import the certificate file created under user certificates (section Backup) under the Kleopatra menu item “File / Import”. In the course of the import dialogue, you will be asked to enter a passphrase in the “pinentry” window. This is the password that you also entered when you created the user certificate under backup (you may have to enter this password two more times).
Public user certificates
If you want to encrypt files for other people, you must have the recipient's public user certificates required for encryption and also import them into Kleopatra.
Now you can sign and/or encrypt files in Kleopatra:
Now you can check and/or decrypt files for a valid signature in Kleopatra: