Secure your e-mails by digitally signing and encrypting the communication with our e-mail certificates, also known as personal ID certificates. The Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol ensures message integrity so that email senders and recipients can verify that the content they share is legitimate and trusted. Email Certificates are supported by all major e-mail applications, including Microsoft Outlook, Exchange, popular mobile operating systems, etc.
EMAIL DIGITAL SIGNING AND ENCRYPTING
How are S/MIME certificates being used?
S/MIME e-mail certificates improve the security profile of your e-mail communication in three ways:
- Authenticates the sender - Each S/MIME e-mail certificate contains the sender's authenticated e-mail address. In this way, recipients can confirm that requests for information, transfers or other actions really come from authorized parties.
- Encrypts the email content and attachments - E-mail clients can encrypt and decrypt e-mail content (including attachments) if certificates are present. This prevents malicious software from intercepting e-mail communication during transmission and reading its contents.
- Ensures message integrity - If a signed e-mail or its attachments are changed in any way, the validation fails and the user is warned by the e-mail client.
What are the benefits of S/MIME certificates?
The growing requirement for secure and confidential email delivery is the topic of almost every company today. Giving the customer the certainty of your identity is a key success factor in online business. S/MIME certificates take this into account and allow you to digitally sign and encrypt emails and their attachments with all common email clients and programs. The EPKI Manager gives you secure access to your web-based console, which allows you to administrate S/MIME Email Certificates for employees and partners in a simple way.
S/MIME certificates can be ordered and requested individually. For customers who need 15 or more certificates, we offer a web-based managed solution that provides central administration and the best overview. If you are interested in this solution, please contact us.
FAQ on S/MIME
S/MIME encryption - do I need that at all?
Under the Data Protection Act in the EU, all companies that provide personalized data must ensure secure transmission. It is therefore essential that law firms, hospitals, insurance companies as well as small businesses use S/MIME and encrypt their e-mail communication.
How does S/MIME help with fulfilling GDPR / DSGVO?
DSGVO penalty fee
Encrypted email considerably reduces the risk of data breaches for companies. In case of a data breach, the company can reduce its penalties by demonstrating that appropriate security measures, such as S/MIME, have been implemented to prevent data theft. The GDPR dictates that penalties for loss, alteration or unauthorized disclosure of data can amount to up to four percent of the worldwide annual turnover or EUR 20 million.
Leading technology solution
Secorio is a leading provider of digital identities with public-key technology. These identities are for a variety of uses in enterprise applications, such as mobile applications, device authentication in wireless networks, for encryption and digital signing of emails using S/MIME standards.
Earlier S/MIME solutions were sometimes costly to implement, with the result that employees could not routinely encrypt all emails. To solve this challenge, Secorio's technology partner has developed the industry's first X.509 Zero Touch Certificate management system. This system automatically provides each user with a digital identity.
How can I use S/MIME as a college/student?
But why should you use S/MIME certificates as a student or university? Already starting from EUR 1.08 per month (with a 3-year term) you can strengthen the security of your e-mail communication with our Personal Secure E-Mail Certificate and you no longer have to fear misuse of your identity.
By signing and encrypting emails with S/MIME, you as a lecturer can communicate with students via an encrypted connection. In addition, the physical dispatch of grades and study letters will be a thing of the past.
As Registration Authority, we offer you the opportunity to run your own EPKI management solution. This means you can act independently of us and issue certificates for your employees, lecturers and also for your students.
Students can purchase a free 30-day S/MIME certificate via the following link: free S/MIME certificate
How do doctors and hospitals use S/MIME Email encryption?
Why should we encrypt our e-mails?
Encrypted emails: do not give readers a chance
The situation is different with encrypted emails: they cannot be read by any attacker at a reasonable cost. Thanks to public key encryption, these emails are only assigned to a specific recipient. This means that only the recipient of an e-mail can open and read the e-mail. To read the e-mail, a certificate is required, which in turn is located on the computer of the recipient. This allows the message to be decrypted and read.
Digital sign with your signature
One last question remains: How does the recipient of your e-mail know that a particular public key actually belongs to you? This is listed in the S/MIME e-mail certificate. At least the e-mail address is listed in the certificate. For businesses, we recommend that you use the Enterprise Secure E-mail Certificate, as this validates the company and the full address. Who checks this information? We work closely with CA Sectigo and check your certificate in a 2-step process. This will ensure that you can use your certificate for Extended Signature/Electronic Signature.
For doctors, medical practices and therapists, we recommend our Enterprise Secure E-Mail Certificate, which meets the highest safety requirements.
How can law firms and trustees cost-effectively implement email encryption with their clients?
Simply sending all the information and documents by e-mail - that's what companies have become accustomed to. Many are unaware that strangers are able to read or even modify the e-mails. Caution is required especially when sending trusted data.
With S/MIME (Secure/Multipurpose Internet Mail Extensions) e-mail certificates, you, as a lawyer/attorney, can keep your e-mail communication with your clients confidential. With little effort you can establish a secure connection, without sacrificing the usual comfort when sending e-mails.
How does S/MIME encryption work with your clients?
With our S/MIME certificates, your emails are encrypted or decrypted using a public and a private key and the corresponding Mail Gateway software. However, this requires that the sender and receiver have used the same standard (S/MIME) and have exchanged their public key. The exchange takes place after the first signed message.
No problem - our support team is at your disposal and can support you during the ordering and installation process. Our installation guide will help you integrate your certificates in your usual email environment and guide you step by step. You do not need additional software to use our certificates, and you can integrate an S/MIME certificate into any popular e-mail program - even on your smartphone.
We recommend for lawyers and law firms our Enterprise Secure E-Mail Certificate, which was designed according to the highest requirements of the CA/B. This will keep you and your clients safe from the misuse of your digital identity.
You have questions or you are not sure which is the right certificate for you? Our support team is available by phone on +41 41 514 31 33, on live chat or by email at email@example.com.
What are the requirements of the Federal Agency/Federal Network Agency?
Many companies currently have to deal with the topic of S/MIME e-mail certificates. We would like to familiarize you with the requirements of the Federal Network Agency.
The Federal Network Agency's goal is to introduce secure communication within Germany and in the EU. There are various ways to encrypt e-mail communication. The most widely used technology worldwide for this is S/MIME certificates. In a document, the Federal Network Agency has created a regulation for the secure exchange of EDIFACT transmission files. It contains all regulations for a secure transmission of e-mails. To condense the most important information from its 26 pages, we have summarized the conditions and requirements for the certificates.
Guidelines for the transmission way
Since June 1, 2016, all e-mails in the German energy industry have to be signed or encrypted. For signing, the regulations listed below apply:
- In terms of 1:1 communication, the data exchange is business-process-independent, i.e. the encryption and signature of the e-mail is uniform for all message types. All transmission files from a sender to a recipient must therefore be encrypted and signed.
- Encrypting and signing of e-mails is only permitted using the S/MIME standard, and the version being used must be at least 3.2 (IETF RFC 5751, release year 2010).
- Each market partner must use only one certificate for the email address used (more precisely the associated private key) for the signing. The same private key is used to decrypt the email sent to this email address by the other market partners.
Choosing the right certification authority
For your e-mail certificate to be valid, it must be issued by a trusted Certification Authority (CA). For the CAs, the conditions described in 5.5.1 apply:
- The CA has a callback service that can be used to revoke certificates. For this purpose, it keeps a so-called certificate revocation list (CRL), which is publicly accessible.
Our certificates are cryptographically signed and issued by CA Sectigo (formerly Comodo). All certificates can be revoked by phone on +41 41 514 31 33 or by e-mail at firstname.lastname@example.org.
- The IT security of the CA operation is verified by an audit/certification according to a recognized audit/certification standard. Certification according to BSI TR03145, Secure Certification Authority operation, is recommended.
Our certificates are validated according to the guidelines of the CA / Browser Forum. Regular examinations are carried out by an external partner (Ernst & Young).
- The registration service, including service outsourced to service providers (registrars), is performed with a high level of security.
Secorio itself is a registry authority of Sectigo. For over 10 years, the two companies have maintained a close and strategic partnership to provide a high level of security. All certificates are checked and validated by at least 2 parties.
Further requirements of EDIFACT
Further requirements can be found in the EDIFACT document. Currently, the requirements for certification bodies are fully complied with - the final implementation will take place in Q4 2019. Therefore, Secorio works closely with other certificate authorities to offer the appropriate certificates.
Requirements for e-mail certificates
The requirements for e-mail certificates are clarified in 5.5.2:
- The e-mail certificate has to be issued by a CA that meets the requirements just mentioned.
All requirements are fully met.
- All certificates issued until 31.12.2017 must be signed with at least the sha-256RSA signature algorithm. Certificates newly issued from 01.01.2018 to 31.12.2018 must be signed using either the RSASSA-PKCS1-v1_5 signature procedure (sha-256RSA or sha-512RSA signature algorithms) or RSASSA-PSS. These certificates can be used up to the maximum certificate validity (maximum 3 years) in the interim model of market communication.
Our S/MIME e-mail certificates contain the signature algorithm sha-256RSA and are issued with a maximum term of 3 years. An RSASSA encryption can optionally be added.
- All S/MIME certificates issued after 01.01.2019 must be signed with RSASSA-PSS.
Sectigo is currently not supporting the RSASSA-PSS algorithm. This is expected to be implemented in Q1 2020. Through our contact to an alternative international supplier, we have the opportunity to issue certificates with higher encryption algorithms.
- For the different uses for "signature" and "encryption", the same key pair is generated so that a so-called combined certificate is issued and used.
You can integrate our certificate into your e-mail client and, when composing e-mails, decide whether you want to sign or encrypt the e-mail. You do not need another certificate for this.
- Certificates must provide advanced electronic signature.
Our S/MIME certificates can be issued as a Class 1 or Class 2 certificate. In particular for companies we recommend the use of our Enterprise Secure Email Certificate, which allows advanced signature.
- The certificate must ensure identification and association with the company/service provider or organization that operates the e-mail address. This means that the O field of the certificate must contain the legal entity that operates the e-mail inbox for the e-mail address for which the certificate was issued, and under which the signed and encrypted e-mails are sent and received.
With our Enterprise Secure Email Certificates, your company will be validated and the existence of your certificate of incorporation will be checked. This ensures that the issued certificate can only be assigned to your company.
Algorithms and key lengths for S/MIME certificates
According to the guidelines under 5.5.3 of the Federal Network Agency, the following algorithms and keys with the specified key lengths must be used:
- Hash function:
  - SHA-256 or SHA-512
  Our certificates are issued with a SHA-256 hash function.
- Signature methods:
  - Since January 1, 2018, only the RSAES-OAEP signature procedure can be used.
  Our RSASSA-PSS certificates fulfill this signature procedure. Certificates from Sectigo currently use the SHA-256 signature method.
- Content encryption:
  - AES-128 CBC or AES-192 CBC
  Our certificates meet the standard of content encryption through advanced technology.
- Key encryption:
  - RSA key length at least 2048 bits
  See the points under "Signature methods".
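The certificate-level rules from 5.5.2 and 5.5.3 above can be checked mechanically. The following is an added example, not code from Secorio or the Federal Network Agency: it parses the text that `openssl x509 -noout -text` prints and reports violations. The sample text is constructed, and three readings are assumptions: Not Before is treated as the issue date, "combined certificate" is mapped to the Digital Signature and Key Encipherment key-usage bits, and three years is allowed as 3 x 366 days.

```python
import re
from datetime import datetime

# Constructed sample in `openssl x509 -noout -text` layout (not a real certificate).
SAMPLE = """\
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = GB, O = Example CA Ltd, CN = Example Secure Email CA
            Not Before: Mar 15 00:00:00 2019 GMT
            Not After : Mar 14 23:59:59 2022 GMT
        Subject: emailAddress = edi@example.test
                RSA Public-Key: (2048 bit)
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
"""

PKCS1_OK = {"sha256WithRSAEncryption", "sha512WithRSAEncryption"}
PSS_ONLY_FROM = datetime(2019, 1, 1)  # issued from 2019 on: RSASSA-PSS only

def field(text, pattern):
    m = re.search(pattern, text, re.M)
    return m.group(1).strip() if m else None

def when(text, label):
    raw = field(text, label + r"\s*:\s*(.+) GMT")
    return datetime.strptime(raw, "%b %d %H:%M:%S %Y")

def check(text):
    """Return violations of the 5.5.2 / 5.5.3 rules as summarized on this page."""
    problems = []
    sig = field(text, r"Signature Algorithm:\s*(\S+)")
    start, end = when(text, "Not Before"), when(text, "Not After")
    # Assumption: Not Before stands in for the issue date.
    if start >= PSS_ONLY_FROM and sig != "rsassaPss":
        problems.append(f"signature {sig}: RSASSA-PSS required for this issue date")
    elif sig not in PKCS1_OK | {"rsassaPss"}:
        problems.append(f"signature {sig}: weaker than sha-256RSA")
    if (end - start).days > 3 * 366:
        problems.append("validity exceeds 3 years")
    bits = field(text, r"Public-Key:\s*\((\d+) bit\)")
    if bits is None or int(bits) < 2048:
        problems.append(f"RSA key length {bits} below 2048 bits")
    subject = field(text, r"^\s*Subject:(.*)$") or ""
    if not re.search(r"\bO\s*=\s*[^,]+", subject):
        problems.append("subject has no O field naming the legal entity")
    usage = field(text, r"X509v3 Key Usage:.*\n\s*(.+)") or ""
    # Assumption: a combined certificate carries both key-usage bits.
    if not {"Digital Signature", "Key Encipherment"} <= {u.strip() for u in usage.split(",")}:
        problems.append("not a combined signature/encryption certificate")
    return problems
```

For the constructed sample, `check(SAMPLE)` reports the PKCS#1 v1.5 signature on a 2019 certificate and the missing O field.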
E-mail certificates: recommended actions
Our Enterprise Certificates meet the requirements of the Federal Network Agency and thus offer a high degree of security. Our certificates undergo validation processes according to strict guidelines before they are issued. Our certificates will continue to evolve in the future to continuously meet updated standards and ensure the security of your e-mail communications.
You have questions or are not sure which is the right certificate for you? Our support team will be happy to help you on the phone on +41 41 514 31 33, via live chat or by e-mail at email@example.com.
What are the benefits of email certificates?
S/MIME e-mail certificates enable the sending of encrypted and/or digitally signed e-mails using your current client software - Microsoft® Outlook Express, Microsoft® Outlook®, Microsoft Office 365, Netscape Messenger, or any other S/MIME compliant software.
The certificates are compatible with over 99% of all email clients and gateways. With our certificates, you bind your email identity (email address and, if desired, company name, address, first and last name) to the cryptographic key used to sign and encrypt emails, thus protecting your data from third parties.
FAQ about your order
I have to organize certificates for my employees - what should I do best?
How do I send my S/MIME certificate to someone so that they can send me encrypted e-mails?
After receiving your email certificate, you will need to send your public key to the people you want to exchange encrypted email with. Simply send a digitally signed email, which automatically sends your public key. Recipients then only need to add your email address to their address book (point the cursor to the email address, click on the right mouse button, select option "Add Outlook Contacts"), which automatically saves your public key.
IMPORTANT: Encryption is only possible if both sender and recipient have a valid S/MIME certificate and the public keys have been exchanged in advance.