S/MIME E-MAIL

WITH S / MIME E-MAIL CERTIFICATES

EMAIL DIGITAL SIGNING AND ENCRYPTING

Secure your e-mails by digitally signing and encrypting the communication with our e-mail certificates, also known as personal ID certificates. The Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol ensures message integrity so that email senders and recipients can verify that the content they share is legitimate and trusted. Email Certificates are supported by all major e-mail applications, including Microsoft Outlook, Exchange, popular mobile operating systems, etc.

What Are The Benefits Of S/MIME Certificates?

The growing requirement for secure and confidential email delivery is the topic of almost every company today. Giving the customer the certainty of your identity is a key success factor in online business. S/MIME certificates take this into account and allow you to digitally sign and encrypt emails and their attachments with all common email clients and programs. The EPKI Manager gives you secure access to your web-based console, which allows you to administrate S/MIME Email Certificates for employees and partners in a simple way.

For customers with a requirement of 15 or more certificates, we offer a web-based managed solution, which guarantees central administration and the best overview. If you are interested in this solution, please contact us.

*End-To-End Encryption (Secure E-Mail)

End-to-end message encryption between you and your contacts. Signed and encrypted emails can not be intercepted and decrypted by man-in-the-middle attackers, packet sniffers, or https proxies.

*99,9% Trustworthy

Trusted by all major e-mail clients and Internet browsers.

*Lifetime According To Your Wishes

Suitable terms of one or two years.

*Automated Check

Client of the recipient is checking the digital signature of the sender's email.

SMIME_secureemail-500x427
cropped-secorio-fav.png

S/MIME E-MAIL CERTIFICATES IMPROVE THE SECURITY PROFILE OF YOUR E-MAIL COMMUNICATION

How Are S/MIME Certificates Being Used?

    • Authenticates the sender - Each S/MIME e-mail certificate contains the sender's authenticated e-mail address. In this way, recipients can confirm that requests for information, transfers or other actions really comes from authorized parties.
    • Encrypts the email content and attachments - E-mail clients can encrypt and decrypt e-mail content (including attachments) if certificates are present. This prevents malicious software from intercepting e-mail communication during transmission and reading its contents.
    • Ensures message integrity - If a signed e-mail or its attachments are changed in any way, the validation fails and the user is warned by the e-mail client.

Grundsätzlich empfiehlt sich der Einsatz von E-Mail Zertifikate, wenn Sie vertraulichen Inhalt versenden. E-Mail Zertifikate ermöglichen den Versand von signierten und kryptierten E-Mails. Mit unseren weltweit anerkannten Zertifikaten können verschlüsselte E-Mails vom vom vorgesehenen Empfänger geöffnet und gelesen werden. Digital signierte E-Mails geben Ihnen und dem Empfänger die Sicherheit, dass die Zertifikate auch wirklich von Ihnen stammen. So hat der Empfänger ein Kontrollinstrument, mit welchem er prüfen kann, ob die Email bei der Übertragung verändert wurde. Im Rahmen des Datenschutzgesetzes in der EU, müssen sämtliche Unternehmen, welche personalisierte Personendaten übermitteln, eine sichere Übertragung gewährleisten. Daher ist es unumgänglich, dass Anwaltskanzleien, Spitäler, Versicherungsunternehmen wie aber auch Kleinunternehmer S/MIME einsetzen und Ihre E-Mail Kommunikation verschlüsseln.

In 2016, The European Union Passed The General Data Protection Regulation (DSGVO). This Replaces The 1995 Data Protection Directive With A Stricter Data Protection, And Has Since Become Law Across The EU. Article 25 Of The GDPR Demands Data Protection For All Companies "By Default" When Handling Personal Data, Which Implies That E-Mails With Personal Data Must Be Transmitted In A Safe And Trustworthy Way.

DSGVO Penalty Fee
Encypted Email Considerably Reduces The Risk Of Data Breaches For Companies. In Case Of A Data Breach, The Company Can Reduce Their Penalties By Demonstrating That Appropriate Security Measures Have Been Implemented To Prevent Data Theft, Such As S/MIME. The GDPR Dictates That Penalties For Loss, Alteration Or Unauthorized Disclosure Of Data Are Imposed An Amount Of Up To Four Percent Of The Worldwide Annual Turnover Or EUR 20 Million.
Leading Technology Solution
Secorio Is A Leading Provider Of Digital Identities With Public-Key Technology. These Identities Are For A Variety Of Uses In Enterprise Applications, Such As Mobile Applications, Device Authentication In Wireless Networks, For Encryption And Digital Signing Of Emails Using S/MIME Standards. Earlier S/MIME Solutions Were Sometimes Costly To Implement, With The Result That Employess Could Not Routinely Encrypt All Emails. To Solve This Challenge, Secorio's Technology Partner Has Developed The Industry's First X.509 Zero Touch Certificate Management System This System Automatically Provides Each User With A Digital Identity.

Patient Information Is Sent To Doctors' Offices, Hospitals And Rehabilitation Centers Every Day. For Several Years It Has Been Said That Unencrypted E-Mails Are Comparable To A Postcard. Postcards Can Be Read By Anyone If You Have Access To Them. Third Parties Entitled To Do So May, Without The Knowledge Of The Intended Recipient, Read Along With E-Mails And/Or Change Their Content.

Why Should We Encrypt Our E-Mails?

Unencrypted E-Mails Are In Conflict With The Current Privacy Policy. There May Be Several Reasons Why Third Parties Would Like To Gain Access To Your E-Mails Or Read The Entire E-Mail Correspondence Of Your Practice. Do You Send Patient Data Unencrypted? Since The Introduction Of The Current Data Protection Act, You Can Be Held Accountable If Data Can Be Read By Unauthorized Third Parties.

Encrypted Emails: Do Not Give Readers A Chance

The Situation Is Different With Encrypted Emails: They Can Not Be Read By Any Attacker At A Reasonable Cost. Thanks To The Public Key Encryption, These Emails Are Only Assigned To A Specific Recipient. This Means That Only The Recipient Of An E-Mail Can Open And Read The E-Mail. To Read The E-Mail A Certificate Is Required, Which In Turn Is Located On The Computer Of The Recipient. This Allows The Message To Be Decrypted And Read.

Digital Sign With Your Signature

One Last Question Remains: How Does The Recipient Of Your E-Mail Know That A Particular Public Key Actually Belongs To You? This Is Listed In The S/MIME E-Mail Certificate. At Least The E-Mail Address Is Listed In The Certificate. For Businesses, We Recommend That You Use The Enterprise Secure E-Mail Certificate, As This Validates The Company And The Full Address. Who Checks This Information? We Work Closely With CA Sectigo And Check Your Certificate In A 2-Step Process. This Will Ensure That You Can Use Your Certificate For Extended Signature/Electronic Signature.
We Recommend Doctors/Medical Practices/ Therapists Our Enterprise Secure E-Mail Certificate, Which Meets The Highest Safety Requirements.

Many Companies Currently Have To Deal With The Topic Of S/MIME E-Mail Certificates. We Would Like To Familiarize You With The Requirements Of The Federal Network Agency. The Federal Network Agency's Goal Is To Introduce Secure Communication Within Germany And In The EU. There Are Various Ways To Encrypt The E-Mail Communication. The Most Widely Used Technology Worldwide For This Are S/MIME Certificates. In One Document The Federal Network Agency Has Created A Regulation For The Secure Exchange Of EDIFACT Transmission Files. It Contains All Regulations For A Secure Transmission Of E-Mails. In Order To Get The Most Important Information From 26 Pages Shortly, We Have Summarized The Conditions And Requirements For The Certificates.

Guidelines For The Transmission Way

Already Since June 1, 2016, All E-Mails In The German Energy Industry Have To Be Signed Or Encrypted. For Signing, The Regulations Listed Below Counts:
  • In Terms Of 1: 1 Communication, The Data Exchange Is Business-Process-Independent, Ie The Encryption And Signature Of The E-Mail Is Uniform For All Message Types. All Transmission Files From A Sender To A Recipient Must Therefore Be Encrypted And Signed.
  • Encrypting And Signing Of E-Mails Is Only Permitted Using The S/MIME Standard, And It Must Be At Least Version 3.2 (IETF RFC 5751, Release Year 2010)
    That Is Being Used
  • Each Market Partner Must Use Only One Certificate For The Email Address Used (More Precisely The Associated Private Key) For The Signing. The Same Private Key Is Used To Decrypt The Email Sent To This Email Address By The Other Market Partners.

Choosing The Right Certification Authority

For Your E-Mail Certificate To Be Valid, It Must Be Issued By A Trusted Certification Authority (CA). For The CAs, The Conditions Described In 5.5.1 Apply:
  • The CA Has A Callback Service That Can Be Used To Revoke Certificates. For This Purpose, It Keeps A So-Called Certificate Revocation List (CRL),
    Which Is Publicly Accessible.
    Our Certificates Are Cryptographed And Issued By CA Sectigo (Formerly Comodo). All Certificates Can Be Revoked By Phone On +41 41 514 31 33 Or By E-Mail Info@Secorio.Com.
  • The IT Security Of The CA Operation Is Audited By An Audit/Certification According To A Recognized Audit/Certification Standard. There Is A Certification According To BSI TR03145, Secure Certification Authority Operation Recommended.
    Secure Certification Authority Operation Empfohlen.
    Our Certificates Are Validated According To The Guidelines Of The CA / Browser Forum. Regular Examinations Are Carried Out By An External Partner (Ernst & Young) .
  • The Registration Service, Including Service Outsourced To Service Providers (Registrars), Is Performed With A High Level Of Security.
    Secorio Itself Is A Registry Authority Of Sectigo. For Over 10 Years, The Two Companies Have Maintained A Close And Strategic Partnership To Provide A High Level Of Security. All Certificates Are Checked And Validated By At Least 2 Parties.

Further Requirements Of EDIFACT

Further Requirements Can Be Found In The EDIFACT Document. Currently, The Requirements For Certification Bodies Are Fully Complied - The Final Implementation Will Take Place In Q4 2019. Therefore, Secorio Works Closely With Other Certificate Authorities To Offer The Appropriate Certificates.

Requirements For E-Mail Certificates

The Requirements For E-Mail Certificates Are Clarified In 5.5.2:
  • The E-Mail Certificate Has To Be Issued By A CA That Meets The Requirements Just Mentioned.
    All Requirements Are Fully Met.
  • All Certificates Issued Until 31.12.2017 Must Be Signed With At Least Sha-256RSA Signature Algorithm. Certificates Newly Issued From 01.01.2018 To 31.12.2018 Must Be Signed Using Either The RSASSA-PKCS1-V1_5 Signature Procedure (Sha-256RSA Or Sha-512RSA Signature Algorithms) Or RSASSAPSS. These Certificates Can Be Used To The Maximum Certificate Validity (Maximum 3 Years) In The Interim Model Of Market Communication.
    Our S/MIME E-Mail Certificates Contains The Signature Algorithm Sha-256RSA And Are Issued With A Maximum Term Of 3 Years. An RSASSA Encryption Can Optionally Be Added.
  • All S/MIME Certificates Issued After 01.01.2019 Must Be Signed With RSASSA-PSS.
    Sectigo Is Currently Not Supporting The RSASSA-PSS Algorithm. This Is Expected To Be Implemented In Q1 2020. Through Our Contact To An Alternative International Supplier, We Have The Opportunity To Issue Certificates With Higher Encryption Algorithms.
  • For The Different Uses For "Signature" And "Encryption", The Same Key Pair Is Generated So That A So-Called Combined Certificate Is Issued And Used.
    You Can Integrate Our Certificate Into Your E-Mail Client And, When Composing E-Mails, Decide Whether You Want To Sign Or Encrypt The E-Mail. You Do Not Need Another Certificate For This.
  • Certificates Must Provide Advanced Electronic Signature.
    Our S/MIME Certificates Can Be Issued As A Class 1 Or Class 2 Certificate. In Particular For Companies We Recommend The Use Of Our Enterprise Secure Email Certificate, Which Allows Advanced Signature.
  • The Certificate Must Ensure Identification And Association With The Company/Service Provider Or Organization That Operates The E-Mail Address. This Means That In The Field O Of The Certificate Must Be The Legal Entity That Operates The E-Mail Inbox For The E-Mail Address For Which The Certificate Was Issued, And Under Which The Signed And Encrypted E-Mails Are Sent And Received.
    With Our Enterprise Secure Email Certificates, Your Company Will Be Validated And The Existence Of Your Certificate Of Incorporation Will Be Checked. This Ensures That The Issued Certificate Can Only Be Assigned To Your Company.

Algorithms And Key Lengths For S/MIME Certificates

According To The Guidelines Under 5.5.3 Of The Federal Network Agency, The Following Algorithms And Keys With The Specified Key Lengths Must Be Used: Signature:
  • Hash Function:
    • SHA-256 Or SHA-512
      Our Certificates Are Issued With A SHA-256 Hash Function.
  • Signature Methods
    • Since January 1, 2018, Only The RSAES-OAEP Signature Procedure Can Be Used.
      Our RSASSA-PSS Certificates Fulfills This Signature Procedure. Certificates From Sectigo Currently Use The SHA-256 Signature Method.
Encoding
  • Content Encryption:
    • AES-128 CBC Or AES-192 CBC
      Our Certificates Meet The Standard Of Content Encryption Through Advanced Technology.
  • Key Encryption:
    • RSA Key Length At Least 2048 Bits
      See Points "Signature Method"

E-Mail Certificates: Recommended Actions

Our Enterprise Certificates Meets The Requirements Of The Federal Network Agency And Thus Offer A High Degree Of Security. Our Certificates Undergo Validation Processes According To Strict Guidelines Before They Are Issued. Our Certificates Will Continue To Evolve In The Future To Continuously Meet Updated Standards And Ensure The Security Of Your E-Mail Communications. You Have Questions Or Are Not Sure Which Is The Right Certificate For You? Our Support Team Will Be Happy To Help You On The Phone On +41 41 514 31 33, Via Live Chat Or By E-Mail At Info@Secorio.Com.

S/MIME E-Mail Certificates Enable The Sending Of Encrypted And/Or Digitally Signed E-Mails Using Your Current Client Software - Microsoft® Outlook Express, Microsoft® Outlook®, Microsoft Office 365, Netscape Messenger, Or Any Other S/MIME Compliant Software. The Certificates Are Compatible With Over 99% Of All Email Clients And Gateways. With Our Certificates, You Bind Your Email Identity (Email Address And, If Desired, Company Name, Address, First And Last Name) To The Cryptographic Key Used To Sign And Encrypt Emails, Thus Protecting Your Data From Third Parties.

We, Secorio AG, Offer Enterprise Customers Free EPKI (Management Solution For SSL & S/MIME Certificates) allowing hassle-free and centralized administration of certificates. 10 is the minimum number of certificates for EPKI.

After receiving your email certificate, you will need to send your Public Key to the people you intend to exchange encrypted email with. Simply send a digitally signed email, which automatically includes your Public Key. Recipients then only need to add your email address to their address book (point the cursor to the email address, click on the right mouse button, select option "Add Outlook Contacts"), which automatically saves your Public Key. IMPORTANT: Encryption is only possible, if both sender and recipient have a valid S/MIME certificate and the Public Keys have been exchanged in advance.