Every email is vulnerable – theoretically. The journey of an email through the Internet is long, although the speed of transmission often makes this forget. Emails can be intercepted, read, or even modified during transportation. At least if they are sent unencrypted. The consequences may be devastating: Qinthe ancendatous damage, loss of data or loss of image are at risk for all those who exchange emails unencrypted. In addition, unencrypted emails are already no longer compatible with data protection – also with regard to the General Data Protection Regulation (GDPR)
One way to enable secure email communication and send information confidentially and securely is to use PKI-based e-mail encryption and signature. PKI stands for Public Key Infrastructure, and the most common standard for such encryption is S/MIME (Secure/Multipurpose Internet Mail) Extensions).
A PKI is a system that can issue, distribute, and verify digital certificates. The certificates issued within a pKI are used to secure email communication, confirm the authenticity of the public key and its permissible scope. The digital certificate itself is protected by a digital signature, the authenticity of which can be verified with the public key of the issuer of the certificate.
What are S/MIME certificates?
For signing and encrypting email so-called certificates are required. The term certificate here refers to a key pair consisting of a private and a public key. The private key is used for signing and decrypting email, the public key is used by communication partners to verify the validity of email signatures and encrypt them to email.
The two keys form a mathematical unit and provide the appropriate reversal operations foreachother presented. For example, the private key always calculates +1, while the public key always calculates -1. The certificate as such also contains information about its owner, the purpose of use, and the trustworthiness of the certificate.
What types of certificates are there?
Typically, the keys are generated on the computer, which will use them later. However, the public key still needs to be signed by a CA. This corresponds to the issuance of an identity card in your local registration office. The Office confirms your identity. In the case of S/MIME certificates, certification authorities take over – also Trust Center.
The Trust Center confirms with its signature that the certificate belongs to a specific person or organization. The applicant’s information shall be verified by means of various procedures. Different types of certificates are issued, depending on how accurate the check is or what is verified; we are also talking about different trust levels.
The best known and probably most used type of identification is the verification of the email address. This is also the lowest trust level. Only the acquisition of higher trust levels requires the examination of documents or personal presentation. The prices for the certificates depend accordingly on the cost of the certification.
This type of certificate confirms the possession of an email address. This can be a departmental email address, such as email@example.com, or a personal email address.
At this trust level, certificates issued. These are issued for a specific email address associated with a person, for example, firstname.lastname@example.org. A person must be uniquely identified for this type of certificate. Depending on the Trust Center, this requires the submission of different documents. Identity card, driver’s license or social security certificate are examples here.
Organization-validated certificates are a special type of certificate. In addition to the first and last name as well as the email address, the name of the company is also noted in the certificate. Since Trust Center is only allowed to record verified data in certificates, an important requirement is that the Trust Center has verified the existence of the company.
Find the right S/MIME certificate
Depending on the application area and company structure, different types of certificates may be useful. In addition, different definitions of certificate types for each trust center and product names for these certificate types. In order to get an overview and to find the right certificate for you and your company, competent personal advice is essential.
With our partner SSL Plus, you will receive certificates of all trust levels from the trust centers D-Trust, SwissSign and GlobalSign and are accompanied in all steps of the certificate purchase. The competent consultants find the recommended certificate types for your business, answer all questions about email encryption with S/MIME certificates, and show you how to easily integrate them into NoSpamProxy’s automatic certificate management.