Every email is vulnerable, at least in theory. The path an email takes through the Internet is long, even if the speed of transmission often makes you forget this. Emails can be intercepted, read or even modified in transit, at least when they are sent unencrypted. The consequences can be severe: financial damage, data loss or reputational damage threaten everyone who exchanges unencrypted emails. In addition, unencrypted emails are already incompatible with data protection requirements, including those of the GDPR.
One way to enable secure email communication and send information confidentially and securely is PKI-based email encryption and signature. PKI stands for Public Key Infrastructure, and the most common standard for such encryption used by government agencies and companies is S/MIME (Secure/Multipurpose Internet Mail Extensions).
A PKI is a system that can issue, distribute and verify digital certificates. The certificates issued within a PKI are used to secure email communication, as they confirm the authenticity of the public key and its permissible scope of application and validity. The digital certificate itself is protected by a digital signature, the authenticity of which can be verified with the public key of the issuer of the certificate.
What are S/MIME certificates?
Certificates are required for signing and encrypting emails. The term certificate here refers to a key pair consisting of a private and a public key. The private key is used to sign outgoing emails and to decrypt incoming ones; the public key is used by communication partners to verify the validity of email signatures and to encrypt messages.
The two keys belong together mathematically: each reverses the operation of the other. As a simplified illustration, if the private key always adds 1, the public key always subtracts 1. The certificate itself also contains information about its owner, its intended use and its trust level.
What types of certificates are there?
Usually the keys are generated on the computer that will use them later. However, the public key must still be signed by a certification authority. This is comparable to having an identity card issued at your local registration office: the office confirms your identity. For S/MIME certificates, this is done by certification authorities, also known as Trust Centers.
With its signature, the Trust Center confirms that the certificate belongs to a specific person or organization. The applicant’s details are verified using various procedures. Different types of certificates are issued, depending on how exactly the verification is carried out or what exactly is checked; this is also referred to as different trust levels.
The best known and probably most frequently used form of identification is email address verification. This is also the lowest trust level. Only the higher trust levels require the verification of documents or a personal appearance. Certificate prices correspondingly depend on the effort required for the verification.
At this lowest trust level, only possession of an email address is confirmed. This can be a departmental email address, for example firstname.lastname@example.org, or a personal email address.
Personal certificates are issued at a higher trust level. They are issued for a specific email address that is assigned to a person, for example email@example.com. For this certificate type, the person must be uniquely identified. Depending on the Trust Center, different documents must be submitted, for example an identity card, a driving licence or proof of social insurance.
Organizationally validated certificates are a special type of certificate. In addition to the first and last name and the email address, the name of the company is also recorded in the certificate. Since Trust Centers may only record verified data in certificates, an important prerequisite is that the Trust Center has verified that the company exists.
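As an added example that is not part of the original article, the following Go program (standard library only) shows the two sides of what the text describes: a self-signed "Trust Center" CA issues an organizationally validated S/MIME certificate, and a recipient then performs the checks a mail client makes before trusting the sender's public key (signature chain to a trusted CA, validity period, email-protection usage, and a match with the sender's address). The person, company and address are constructed placeholders, and the `sign`, `issue` and `verifySMIMECert` functions are this example's own, not part of any product named on the page.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// sign applies the issuer's signature to a certificate template; a CA self-signs (tmpl == parent).
func sign(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, key *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// issue plays the Trust Center: it creates a CA and signs an organizationally validated
// S/MIME certificate for a constructed placeholder person, company and email address.
func issue() (ca, user *x509.Certificate, userKey *rsa.PrivateKey, err error) {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048) // key generation from rand.Reader does not fail in practice
	userKey, _ = rsa.GenerateKey(rand.Reader, 2048)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().AddDate(10, 0, 0),
		Subject: pkix.Name{CommonName: "Example Trust Center CA"}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	if ca, err = sign(caTmpl, caTmpl, &caKey.PublicKey, caKey); err == nil {
		user, err = sign(&x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: time.Now(), NotAfter: time.Now().AddDate(1, 0, 0),
			Subject:        pkix.Name{CommonName: "Jane Doe", Organization: []string{"Example GmbH"}}, // verified by the CA
			EmailAddresses: []string{"jane.doe@example.org"},                                           // the address the key is bound to
			KeyUsage:       x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,                // sign and receive encrypted mail
			ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}, ca, &userKey.PublicKey, caKey)
	}
	return ca, user, userKey, err
}

// verifySMIMECert is the recipient's check before trusting a sender's public key: the chain must
// end at a trusted CA, be within its validity period, be issued for email protection, and carry
// the address the mail claims to come from. A CA signature alone is not enough.
func verifySMIMECert(cert, ca *x509.Certificate, from string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}); err != nil {
		return err
	}
	if !slices.Contains(cert.EmailAddresses, from) {
		return fmt.Errorf("certificate of %q was not issued for %s", cert.Subject.CommonName, from)
	}
	return nil
}
```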
Finding the Right S/MIME Certificate
Depending on the area of application and the company structure, different certificate types can be useful. In addition, the individual Trust Centers use different definitions of certificate types and different product names for them. To get an overview and find the right certificate for you and your company, competent personal advice is essential.
From our partner SSL Plus you receive certificates of all trust levels from the renowned Trust Centers D-Trust, SwissSign and GlobalSign and are accompanied through all steps of the certificate purchase. The consultants will identify the certificate types recommended for your company, answer your questions about email encryption with S/MIME certificates and show you how to integrate them easily into the automatic certificate management of NoSpamProxy.