In our business dealings with partners, customers, suppliers, and employees, e-mails have become an indispensable component of our communication. E-mails are electronic post cards that can be made visible to unauthorised third parties with relative ease.
Our business relationships, our relationships of trust with our employees as well as our company and trade secrets are valuable assets and must be protected by IT security measures.
Secure e-business processes are built on trusted identities in the form of digital certificates.
After extensive consultation, we have therefore opted for SwissSign - the leading provider of services for trusted digital identities. SwissSign is a company of Swiss Post and offers digital certificates for servers and devices, for persons, authorities and companies.
SwissSign certificates are already issued in over 50 countries. They are automatically recognised by all major operating systems, browsers and mobile devices and are integrated in partner solutions.
SwissSign is included as a certification authority on the EU/eIDAS 'Trusted List' and complies with the EU Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS).
Functionality
S/MIME (Secure/Multipurpose Internet Mail Extensions), the global standard for e-mail encryption based on a hybrid cryptosystem, offers a relatively straightforward method of securing e-mail communication. All that's required is a combination of a private and a public key with a certificate. It is based on a mathematical procedure or asymmetric cryptosystem. It is also known as a public/private key procedure. The certificate is used to verify the identiy of a user with a certification authority. The certificate allows an e-mail to be signed, encrypted or signed and encrypted. First and foremost, we make use of signing.
Signing
Signing using S/MIME assures the recipient that the e-mail actually originates from the sender and that the message was not manipulated when it was transmitted. A signature generally consists of the sender's certificate including the certificate chain, the signature algorithm and the encrypted hash value. The hash value represents the content of the e-mail as a unique character string that is generated by an algorithm. The e-mail still exists in plain text. The advantage of this is that e-mail programmes without S/MIME support can still display the e-mails. They display the e-mail as usual with the signature file in p7s format as an attachment. Signed e-mails are automatically checked by the e-mail application and marked accordingly with an icon (circled in blue in the picture). Click on the icon to display additional details.
If communication partners also sign their e-mails with S/MIME, these e-mails will be automatically signed and encrypted in future after the certificates are automatically exchanged.