Digital certificates
Without special precautions, emails are transmitted across the internet in plain text. That means that their content can be accessed by third parties.
Especially when dealing with sensitive data, this kind of risk should be avoided. A range of technologies is available to do so.
Stiftung ear offers email encryption using S/MIME technology. You can request the required certificates to access the encrypted communication.
Emails are encrypted using asymmetric encryption. Each communication partner has a pair of keys consisting of a private key and a public key. The basic principle of asymmetric encryption is that the contents that were encrypted using the public key can only be decrypted using the private key.
If person A would like to send person B an encrypted email, then A needs to possess B’s public key. If an answer from B to A is also to be sent encrypted, B in return has to possess A’s public key.
By encrypting an email, it is possible to make sure that no unauthorised third party can see the contents of an email. But the recipient of an email cannot be sure that the sender is who they claim to be, nor that the contents of the email have not been changed during transmission. To ensure this, the so-called email signature is used. The contents of an email are signed using the private key. It can be presumed that the private key is only known to the actual owner. The recipient’s email program checks the email’s signature. When a check is successful, the recipient can conclude that the email has not been tampered with and is actually from the sender of the email.
Person A from the example above would now like to sign the email that they are sending to person B. For this they create a signature using their private key and attach the signature and their public key to the email. The email that has now been prepared is sent to person B. Person B can now use the public key attached to the email to verify the email’s signature. Once the verification has been successful, person B can be sure that person A was the sender of the email.
Stiftung ear sends all communications, information and notifications from the ear-Portal in PDF format as an attachment to an email. These PDF files from the ear-Portal are equipped with a qualified electronic signature, i.e. the qualified electronic signature is directly embedded in the PDF file. The qualified electronic signature can be checked using the checking software digiSeal reader, which is available free of charge.
The elements called ‘public keys’ in the section ‘How does email encryption work?’ are called certificates in the S/MIME terminology. A certificate is created within the scope of creating a pair of keys and is then certified by a trustworthy body, the so-called Certificate Authority (CA). The CA can in turn be certified by a higher-level CA. In this case it is called an Intermediate CA. A CA that does not need to be certified by a higher-level authority is called a Root CA. Each CA has its own certificate by which it can be identified.
Use of certificates at stiftung ear
- Stiftung ear has their own Root CA.
- Email encryption certificates are signed by our Intermediate CA responsible for email encryption.
- All certificates are so-called X.509-certificates.
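The signing, verification and encryption steps described above can be reproduced with the OpenSSL command line, using a Root CA, an Intermediate CA and two X.509 user certificates. This is an added example, not stiftung ear's own tooling or PKI; all subjects, addresses and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names and addresses are constructed; this is not stiftung ear's PKI.
pki_config() { cat <<'EOF'
[req]
distinguished_name=dn
[dn]
[ca]
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
[user]
basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=emailProtection
EOF
}
# issue <name> <subject> <issuer name|self> <extension section>: key pair + certificate
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
    -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null || return 1
  if [ "$3" = self ]; then signer="-signkey $1.key"
  else signer="-CA $3.crt -CAkey $3.key -CAcreateserial"; fi
  openssl x509 -req -in "$1.csr" -out "$1.crt" -days 30 \
    -extfile pki.cnf -extensions "$4" $signer 2>/dev/null
}
smime_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  pki_config > pki.cnf
  issue root  "/CN=Demo Root CA" self ca || exit 1
  issue inter "/CN=Demo Email Intermediate CA" root ca || exit 1
  issue a "/CN=Person A/emailAddress=a@example.test" inter user || exit 1
  issue b "/CN=Person B/emailAddress=b@example.test" inter user || exit 1
  printf 'Invoice 1001 is approved.\n' > msg.txt
  # A signs with A's private key; A's and the intermediate's certificates are attached.
  openssl smime -sign -in msg.txt -signer a.crt -inkey a.key \
    -certfile inter.crt -out signed.eml 2>/dev/null || exit 1
  # B trusts only the root and builds the chain A -> intermediate -> root.
  openssl smime -verify -in signed.eml -CAfile root.crt -out /dev/null 2>/dev/null \
    && echo "signature=valid"
  sed 's/Invoice 1001/Invoice 9009/' signed.eml > tampered.eml
  openssl smime -verify -in tampered.eml -CAfile root.crt -out /dev/null 2>/dev/null \
    || echo "tampered=rejected"
  # Encrypt to B's certificate: only B's private key opens the message.
  openssl smime -encrypt -aes256 -in signed.eml -out enc.eml b.crt || exit 1
  grep -q 'Invoice' enc.eml || echo "ciphertext=opaque"
  openssl smime -decrypt -in enc.eml -recip b.crt -inkey b.key 2>/dev/null \
    | grep -q 'Invoice 1001' && echo "b_decrypt=ok"
  openssl smime -decrypt -in enc.eml -recip a.crt -inkey a.key >/dev/null 2>&1 \
    || echo "a_decrypt=refused"
)
smime_demo
```

The signed message stays readable in transit because the signature is detached; only the encryption step hides the content, which is why the two mechanisms are combined.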
If you would like to send us encrypted emails, you will need the public key of the person you want to communicate with. You can get the public key from your contact person.
If you would like to receive encrypted emails from our employees, we will need your public key. Just send us a signed email from the email address to which we should send the encrypted emails. Please make sure that your email program attaches your public key to the email.
Your contact for safe email communication with stiftung ear is the IT-Processes and Systems Department. Contact: system(at)stiftung-ear.de.