Sign and encrypt

Prerequisite

To sign and encrypt emails, you need a user certificate. The web pages on public key infrastructure explain everything about certificates. With the certificate you receive a key pair consisting of a public and a private key.

Here you will find step-by-step instructions for applying for a user certificate.

These instructions describe signing and encryption in Microsoft Outlook. You can also integrate your certificate into other mail clients. You cannot sign or encrypt emails, or read encrypted emails, via the web browser (please refer to Access via Webbrowser).

private key

You sign with your private key from your user certificate.

Sign emails in Outlook

The IT-Service-Center recommends that all messages be signed by default. You can select this option when you set up your certificate in Outlook.

Screenshot: setting the signature as the default in Outlook

Signature by default

You can enable this item in the Outlook options (Datei --> Optionen --> Trust Center (in some versions also Sicherheitscenter) --> Einstellungen für das Trustcenter --> E-Mail Sicherheit):

"Ausgehende Nachrichten digitale Signatur hinzufügen"

You can find detailed step-by-step instructions with screenshots on the website Integration into Outlook.

You can also set the signature for each mail individually, or check whether it is enabled.

Go to "Optionen" in the window of the mail you are writing. The item "Signieren" must be highlighted.

Screenshot: signing a mail

Detect whether an email is signed

Screenshot: checking the certificate

Click on the certificate symbol at the top of the mail.

You will find out who the sender is and whether the certificate is valid.

Encryption of emails

Prerequisite

You need the recipient's public key to encrypt emails. You receive it through a signed email from the recipient.

The recipient needs his private key to decrypt the mail.

public key

You encrypt with the recipient's public key!

If you want to encrypt an email, it is best to reply to a signed email from the recipient.

Screenshot: the "Verschlüsseln" button in Outlook

Write a mail. Go to "Options" in the window of the mail editor. Select the item "Verschlüsseln"; it must be highlighted.

If you answer the mail directly from the overview, you have to click on "Abdocken" to see the menus of the mail editor.

Receive an encrypted email

private key

You decrypt received encrypted mails with your private key.

You can only read these mails in the mail client in which you have integrated your certificate.

Keep older certificates so that you can still read encrypted mails from the time those certificates were valid.

Screenshot: the symbols for encrypted mails

You can recognize an encrypted mail by the lock on the letter symbol in the mail overview, or at the top right of the mail preview. In your Outlook client you can read these mails as normal, open the attachments and save the mail, provided the certificate is integrated. You cannot read such a mail via the web interface or in clients in which the certificate is not integrated.

Solution to the problem of encrypting mails with Outlook

Sometimes, despite the recipient's public key being present, errors occur when sending encrypted mail.

You will then receive a message that no public key can be found for this recipient.

This happens especially if your Outlook has saved an outdated public key of the recipient.

Screenshot: error message in Outlook

Solutions

  • Reply directly to the recipient's signed mail.
  • If you have an Outlook contact for this recipient, delete it and then reply to the recipient's signed mail.
  • Create a new outlook contact by right-clicking in the signed mail on the name of the sender (desired recipient), then select "Outlook-Eigenschaften öffnen" and click the button "Zu den Kontakten hinzufügen".
  • You can then check the validity of the certificate in the contact you have created.

Open the contact. In the contact, go to the saved Outlook data of the contact (click on "Outlook (Kontakte)" below "Datenursprung anzeigen").

In the menu item "Anzeigen" you will find the user's saved public certificates. Pay particular attention to the validity of the certificate. Click the "Eigenschaften" button. You can delete existing outdated certificates of the user here.

Screenshot: certificate in the contact

If none of this works, you have to export the certificate from the signed mail: look at the signature of the certificate as described above, click the "Details" button, select the user certificate with the name, click the "Details anzeigen" button, then the "Zertifikat anzeigen" button, open the "Details" tab and click the "In Datei kopieren ..." button.

Then import the file into the Outlook contact. Open the Outlook contact and go to the certificates as described above. Click the "Importieren..." button and select the file you just saved.
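
Before importing an exported file into the contact, you can check its validity period and intended use outside Outlook. The following PowerShell script is an added example, not part of the IT-Service-Center instructions; the function name Test-RecipientCertificate, the file name and the address alice@example.org are hypothetical. It assumes the certificate was exported as a DER or Base64 .cer file and that PowerShell 7, or Windows PowerShell 5.1 with .NET Framework 4.7.2 or later, is used.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-RecipientCertificate {
    param(
        [Parameter(Mandatory)] [string] $Path,         # file saved via "In Datei kopieren ..."
        [Parameter(Mandatory)] [string] $MailAddress   # address you want to encrypt to
    )
    $cert = [X509Certificate2]::new((Resolve-Path -LiteralPath $Path).ProviderPath)
    $now  = Get-Date

    # No EKU extension means the certificate is not restricted to particular purposes.
    $eku      = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $oids     = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    $emailEku = (-not $eku) -or ($oids -contains '1.3.6.1.5.5.7.3.4')   # Secure Email OID

    # Encrypting to the recipient needs keyEncipherment (RSA) or keyAgreement (EC keys).
    $ku         = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $canEncrypt = (-not $ku) -or
                  $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyEncipherment) -or
                  $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyAgreement)

    [pscustomobject]@{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        NotBefore      = $cert.NotBefore
        NotAfter       = $cert.NotAfter
        ValidNow       = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        AddressMatches = $cert.GetNameInfo([X509NameType]::EmailName, $false) -ieq $MailAddress
        SecureEmailEku = $emailEku
        CanEncrypt     = $canEncrypt
    }
}

# Constructed sample: a self-signed, already expired certificate standing in for an
# outdated recipient certificate (alice@example.org is a placeholder address).
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('E=alice@example.org, CN=Alice Example', $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$demo = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-800),
                              [DateTimeOffset]::Now.AddDays(-70))
$file = Join-Path ([IO.Path]::GetTempPath()) 'alice-demo.cer'
[IO.File]::WriteAllBytes($file, $demo.Export([X509ContentType]::Cert))

Test-RecipientCertificate -Path $file -MailAddress 'alice@example.org'
```

The script only reads the file; it does not check the issuing chain or revocation, which Outlook shows in the certificate dialog.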