Email encryption with the Arbeitsagentur
With email encryption, you can protect your company’s communications and prevent sensitive data from being illegally tapped. The General Data Protection Regulation (GDPR) requires companies to encrypt emails containing personal data. Encrypting the mails ensures the confidentiality of the data sent. Only the intended recipient of the mail may read the contents. Of course, this also applies to emails containing personal data that are exchanged with the Bundesagentur für Arbeit (BA – German Federal Employment Agency) or job centers. In particular, public institutions such as municipalities, cities, and human resources departments from the free trade sector communicate regularly with the employment agency. In this blog article, we describe how to automatically encrypt emails to the employment office.
What do I need for email encryption?
In addition to a certificate and the corresponding private key for your own mail address, you need the public key of your communication partner for encrypted sending to the BA. You can get your own certificate from a trust center such as D-Trust, DigiCert, GlobalSign or SwissSign. But how do you get the public key of the employee or the group mailbox of the employment agency?
How do I get the S/MIME certificate of the recipient of the Bundesagentur für Arbeit?
There are three manual ways to obtain the certificate of your contact person or group mailbox. Each of these requires several steps to obtain the required certificate.
1. Contact the Bundesagentur für Arbeit
You contact the BA and ask them to give you the S/MIME certificate of the respective contact person.
2. Use the certificate search of the Bundesagentur für Arbeit
The Bundesagentur für Arbeit offers a certificate search on its own website. There you can manually enter the email address of the recipient and search for the certificate. You can then download and install the certificate and the corresponding issuer certificates in various formats. You must then ask the contact person at the employment office to send you an invitation for email encryption so that the BA employee can send you encrypted mails. You will then receive a link and the option to enter your contact details as well as upload your own certificate.
3. Set up access to LDAP directory service
Another way to access the BA’s certificates is to set up access to the LDAP directory service. You have to request the access by mail. Afterwards, the LDAP access data will be transmitted via encrypted mail. Before that, however, you must again request an invitation for email encryption. Afterwards you have an access to the entire address book of the BA.
Encrypting emails to the Arbeitsagentur – with automated certificate management.
The options described above for obtaining the communication partner’s certificate from the BA require several steps and make encrypted communication with the Arbeitsagentur much more difficult. In addition, this procedure means a time-consuming effort, for example, for your IT administrator.
Our free service Open Keys is the central source for obtaining public certificates. It follows the open source approach and, if you have licensed NoSpamProxy Encryption, is directly integrated into NoSpamProxy Server and NoSpamProxy Cloud. Open Keys connects to the LDAP directory service of the Arbeitsagentur and automatically retrieves the public keys for email encryption. You can communicate with your communication partner immediately encrypted without prior exchange of signed mails.
How to enable Open Keys in NoSpamProxy Server
In the NoSpamProxy Command Center, under Identities > Public Key Servers, select the Use Open Keys (recommended) checkbox.
Non-NoSpamProxy customers can also use the free service and search for public keys automatically at www.openkeys.de via LDAP or Web API.
NoSpamProxy Cloud
In NoSpamProxy Cloud, the Open Keys service is also available and automatically enabled.
Automatically encrypt emails to the Bundesagentur für Arbeit
NoSpamProxy Server
In the other settings in the NoSpamProxy Server rule set, you can also configure a central security setting so that all emails sent to domains such as “arbeitsagentur.de” or domains of the regional job centers, for example, are automatically encrypted. This way you include all email addresses of the defined domain and ensure that no emails sent to this domain are sent unencrypted.
Non-NoSpamProxy customers can also use the free service and search for public keys automatically at www.openkeys.de via LDAP or Web API.
NoSpamProxy Cloud
Similar to NoSpamProxy Server, in NoSpamProxy Cloud you can also specify domains or recipient addresses in the rules to which emails are to be sent encrypted by default.
Advantages of the automated encryption of mails to the employment office
With the Open Keys feature enabled, your employees do not need to worry about email encryption or certificate management. They can concentrate fully on their core tasks. The automated encryption and signature of emails ensures data protection in email communication – and you meet the requirements of the General Data Protection Regulation (GDPR) in email communication.
Advantages at a glance:
Receiving encrypted emails from the Bundesagentur für Arbeit
Of course you can receive encrypted emails from the Arbeitsagentur with NoSpamProxy. Thereby NoSpamProxy checks the signatures and decrypts the emails.
NoSpamProxy Server
In your NoSpamProxy server installation you only need to add the intermediate and root certificates of the employment agency once for this, so that the certificate chain can be checked for validity. These are offered with the results of the certificate search described above. In addition, you must provide the BA with your own certificates in advance. NoSpamProxy publishes your certificates on request automatically in Open Keys, from which in turn the BA can retrieve the current status by using freely available interfaces. If a certificate is updated, this is immediately published in Open Keys in real time.
NoSpamProxy Cloud
In NoSpamProxy Cloud, you do not need to manually add the employment agency’s intermediate and root certificates. They are automatically included and immediately used for receiving emails.
NoSpamProxy Encryption & Open Keys: The perfect combination
With the encryption solution NoSpamProxy Encryption and the free service for obtaining certificates, Open Keys, you rely on a strong duo for secure email communication. Activate the Open Keys function in NoSpamProxy Server now or use the directly integrated service in NoSpamProxy Cloud to automatically receive public keys – for example from the Bundesagentur für Arbeit – and communicate in encrypted form. You do not have NoSpamProxy in use yet? Request your free trial version now!
