E-Mail Security: Why do we need certificates and encryption?

12.10.2021 | Current News ITSC, Current News SISD
"The weather is really nice, and the food is great..." Postcards rarely contain sensitive personal and private information, so they can be sent without encryption. But what about e-mails?

Although we live in a digitalized world, there are still millions of postcards sent every year. Whenever I send postcards to friends or family, I think about all the hands these cards go through. All postal workers and letter carriers involved in the process of sending these postcards from start to destination can simply take a peek at what is written on them. There is also no way to make sure that the person who signed the card is not an impostor. Sure, you might recognize the handwriting on the card, but there is no guarantee that the sender is actually the person they claim to be.

Now think about your e-mails. Sending unencrypted e-mails and not using certificates is just like sending a postcard. You never know how many eyes have seen the content of your e-mails and you can never be sure about the identity of the sender. But of course, there are ways to make your e-mail communication secure.

The e-mail protocol

In the early days of internet communication, e-mails were not meant to be anything other than plain text. As time went by, the concept of e-mail evolved and users wanted to attach things beyond plain text, for example images or videos. This was the original purpose of MIME (Multipurpose Internet Mail Extensions). As already mentioned, the e-mail protocol itself doesn't secure the data that is sent. E-mails can be intercepted and altered by anyone who is determined enough to do so. Users need to protect their data themselves! Current measures for doing so are digital signatures and S/MIME.

Digital signatures and S/MIME

You might wonder: if anyone can intercept and alter my e-mails, how do I know that an e-mail wasn't sent by a criminal pretending to be someone I know? This is where signatures come in: they are used for authentication. You might see them as a digital seal. The message itself might still be plain text, but at least you can be sure that the content was sent by someone you trust.

If you want to make sure that only you and the recipient can read the content of your mail, you need to know about S/MIME. S/MIME in a nutshell: the person who wants to communicate securely attaches a file which contains a key. The recipient then uses this key to encrypt their message and replies with the encrypted message and their own key attached. Now both have each other's key and can communicate securely. This works by asymmetric encryption, which is explained in more detail here.
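The signing and encryption steps described in the two paragraphs above, as an added example that is not part of the original article: a shell script built on the `openssl smime` command. The identities alice and bob, the example.org addresses and the self-signed certificates are assumptions constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: S/MIME with the openssl CLI.
# alice, bob, example.org and the self-signed certificates are constructed for
# this demo; real S/MIME certificates are issued by a certificate authority.
WORK=$(mktemp -d) && cd "$WORK" || exit 1
trap 'rm -rf "$WORK"' EXIT

new_identity() {  # $1 = name; writes $1.key (private) and $1.crt (handed out)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$1@example.org" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}
sign() {          # $1 = signer, $2 = text file, $3 = signed mail to write
  openssl smime -sign -text -in "$2" -signer "$1.crt" -inkey "$1.key" -out "$3"
}
verify() {        # $1 = trusted signer, $2 = mail; exit status 0 only if valid
  openssl smime -verify -text -in "$2" -CAfile "$1.crt" 2>/dev/null
}
encrypt_for() {   # $1 = recipient (certificate only), $2 = text file, $3 = mail
  openssl smime -encrypt -aes256 -in "$2" -out "$3" "$1.crt"
}
decrypt_as() {    # $1 = recipient (private key required), $2 = encrypted mail
  openssl smime -decrypt -in "$2" -recip "$1.crt" -inkey "$1.key" 2>/dev/null
}

new_identity alice && new_identity bob || exit 1
printf 'The weather is really nice, and the food is great...\n' > card.txt

# Signature: the text stays readable, but any change breaks verification.
sign alice card.txt signed.eml
sed 's/nice/awful/' signed.eml > tampered.eml
if verify alice signed.eml >/dev/null; then echo "signed.eml: valid"; fi
if ! verify alice tampered.eml >/dev/null; then echo "tampered.eml: rejected"; fi

# Encryption: the sender needs only Alice's certificate; only her key opens it.
encrypt_for alice card.txt secret.eml
if ! grep -q weather secret.eml; then echo "secret.eml: text not visible"; fi
echo "alice reads: $(decrypt_as alice secret.eml | tr -d '\r')"
if ! decrypt_as bob secret.eml >/dev/null; then echo "bob: cannot decrypt"; fi
```

The verification result is the exit status of `verify`, not its output, so a mail client or script has to check that status before trusting the text.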

What we've learned

Nowadays, it is essential to encrypt your e-mails. It doesn't matter whether you are in the home office or at university, because someone else can get access to your e-mail anywhere. Now that you know what digital signatures are and how S/MIME works, encrypt your e-mails. How? Click on the links below, and let's do this.