14.12.2016

S/MIME – Your E-Mail Security

Since the scandal involving US presidential candidate Hillary Clinton, the security of e-mail communication has once again become the center of attention. The consequences of a security gap in e-mail correspondence can be devastating.


E-mail encryption is not a recent invention; it has been on the market since 1990. Nevertheless, this safety feature enjoys only marginal popularity. The scandal involving US presidential candidate Hillary Clinton has now directed the media focus to S/MIME again. E-mail correspondence frequently involves the exchange of important information and data, which should be protected from third-party viewing and manipulation.

S/MIME Advantages

S/MIME is designed to protect against eavesdroppers, man-in-the-middle attacks and hackers. In addition, certificate owners are able to identify themselves to their recipients and verify their e-mail address by using the signature feature. This builds confidence.

E-mail Encryption Options

Source: GlobalSign

An e-mail may be signed, encrypted, or signed and encrypted. The following icons identify an encrypted or signed e-mail: an envelope, red loop or checkbox mark identifies a signed e-mail based on the multipart/signed format; a lock identifies an encrypted e-mail based on the multipart/encrypted format. Detailed information regarding the certificate used and the certificate owner will be provided when clicking on the applicable icons.
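As an added example (not code from the original article or from GlobalSign), the following Python sketch shows how a mail filter could tell signed and encrypted messages apart from their outer MIME headers, which is the information a client's icons are based on. The function name `classify`, its labels and the sample messages are assumptions constructed here; it goes beyond the text by also recognising `application/pkcs7-mime`, the media type RFC 8551 defines for S/MIME enveloped and opaque-signed messages.

```python
from email import message_from_string

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
P7M_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def classify(raw: str) -> str:
    """Label a message from its outer MIME headers only (hypothetical helper).

    This reports what the message claims to be; it does not verify a
    signature or decrypt anything. A signed-and-encrypted message shows up
    as "encrypted" because the signature sits inside the envelope.
    """
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol") or "").lower()
        parts = msg.get_payload() if msg.is_multipart() else []
        # Clear-signed mail: exactly two parts, the second is the signature.
        if (proto in SIG_TYPES and len(parts) == 2
                and parts[1].get_content_type() in SIG_TYPES):
            return "signed"
        return "malformed-signed"
    if ctype in P7M_TYPES:
        smime_type = str(msg.get_param("smime-type") or "").lower()
        if smime_type in ("enveloped-data", "authenveloped-data"):
            return "encrypted"
        if smime_type == "signed-data":
            return "signed"        # opaque signing: body is inside the CMS blob
        return "pkcs7-unknown"     # smime-type missing, or e.g. certs-only
    if ctype == "multipart/encrypted":
        return "encrypted"         # the type named in the text above
    return "plain"

# Constructed sample messages; bodies and signature bytes are dummies.
SIGNED = (
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' micalg=sha-256; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain\n\nhello\n'
    '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n\nAAAA\n'
    '--b1--\n')
STRIPPED = (  # header still claims a signature, but the signature part is missing
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' boundary="b1"\n\n--b1\nContent-Type: text/plain\n\nhello\n--b1--\n')
ENCRYPTED = (
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\n'
    ' name="smime.p7m"\nContent-Transfer-Encoding: base64\n\nAAAA\n')
PLAIN = 'Content-Type: text/plain\n\nhello\n'
```

A "signed" label here only means the message is structured as a signed message; whether the signature is valid and chains to a trusted CA is still decided by the verifying client.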

Companies and individuals may install and use S/MIME. All certificates are issued by a Certification Authority (CA), for instance by the S/MIME provider GlobalSign.

Signature Versions

Three e-mail signature classifications are available: class 1 merely verifies the existence of the e-mail address. Class 2 reviews the validity of the e-mail address, as well as the corresponding name and if applicable, features the name and company listed on the certificate. In order to obtain a class 3 signature option, a valid government ID or an excerpt from the trade registry must be submitted. Non-commercial providers normally just offer the regular class 1 signature with a free certificate, which is the first step in the right direction. 

 

S/MIME Installation 

Nearly all e-mail clients support the e-mail encryption protocols, so installing and using S/MIME is quite simple. A certificate is installed correctly if its listing appears in the directory folder under “Personal“ or “Your certificates“. Encryption is activated by a one-time exchange of the public encryption keys between the sender and the recipient. More specifically, the recipient receives an encrypted e-mail and responds via an encrypted e-mail. The automatic use of signature and encryption can be selected in settings. The certificates a user receives in the course of e-mail correspondence will be automatically saved in the e-mail client as well.

The S/MIME Core

Please be advised that S/MIME is only able to encrypt e-mail correspondence if the recipient is also in possession of a certificate. In addition, the certificate must be re-installed and the public encryption key must be shared with the e-mail contacts each time the certificate is renewed: upon expiration of the previous certificate, a new set of encryption keys will be generated. S/MIME can be installed on multiple PCs. To do so, the certificate must be exported and imported to the other respective devices. However, it is imperative to select the option to export the private encryption key during the first certificate installation process. Otherwise the certificate cannot be used on different devices.

Conclusion 

In times of rising cyber crime, private and business e-mail correspondence has to be protected by all means. An S/MIME certificate installed in the e-mail client will protect against phishing, man-in-the-middle attacks and unwanted readers. As the implementation has become very user-friendly and simple, nothing stands in the way of secure e-mail communication.

 

