Phishing emails are becoming more and more sophisticated: As a non-professional, the emails that allegedly arrive in the inbox from PayPal, Sparkasse & Co. can often hardly be distinguished from real messages. At the same time, every day, confidential documents and information sent via email end up in the outbox of every company – what could go wrong? In day-to-day business, you don’t think much about the fact that all this information can also end up in the wrong hands after it’s been sent.
In other words: Our electronic messages are not (any longer) protected. In addition to phishing, there are several other methods used by hackers to obtain confidential data such as passwords, credit card data, and access to company-internal cloud storage systems.
One option to solve that problem is an electronic email signature. It’s about a letter seal: The electronic signature means that the recipient can see who the email’s sender is and whether the content arrives precisely as it was sent. Therefore, the electronic signature is not to be confused with the usual email signature, which can usually be seen under the written text in business email communication and lists the sender’s contact information.
The Digital Signature: What Is It?
Is the sender really who he says he is? Can it be ruled out that the content of the email message was stopped and manipulated on the way from the sender to me as the recipient? With the help of an electronic signature, only emails should end up in the inbox for which the answer to all these questions is “yes”.
From a technical point of view, the electronic signature, also known as a digital signature, is a certificate sent together with a regular email. With the help of the certificate, on the one hand, the sender’s identification can be undisputedly checked, and on the other hand, the recipient can be sure that the text has remained untouched on the way.
Sign Emails Electronically: Here’s How
If you want to sign an email electronically, there are two established options: S/MIME and OpenPGP. The procedures operate according to the same principle – based on hash values paired with a public-private necessary procedure – but use different data formats. The decisive factor when choosing a method is the support provided by your mail client because many software solutions support either one or the other method, but not both at the same time.
A digital signature is a type of asymmetric encryption. The sender of an email also sends two keys – one private and one public. The key pair must be certified by an official certification authority. If an email is sent, this happens: Using a hash function, the content is provided with a checksum, which is encrypted again with the private key and attached to the email. The checksum is decrypted using the key and recalculated when the mail arrives at the recipient. If the newly calculated checksum matches the encrypted checksum sent, you can ensure that the text has remained untouched. And the public key? For example, this can also be sent with the email message, or it must be obtained from the recipient via a publicly accessible directory.
Secure Your Emails With Company-Wide Signatures
Some mail clients offer corresponding configurations for electronic signatures, which – once established – do all this automatically in the background. However, anyone speculating about the company-wide use of a digital signature should also consider signing using a gateway that signs all outgoing emails centrally. Otherwise, the effort is extremely high since an authentic attestation is required for each employee and must be entered in the mail program. In addition to the simplified configuration and the central administration, the benefit of a gateway is that the signature of incoming mails is checked before they even land on the mail server and can cause damage here.
But be careful: Although gateway certificates, usually for all email addresses under a domain, are standardized worldwide, some mail clients cannot (yet?) process them correctly and trigger error messages in the recipient. On the other hand, it could make more sense only to certify specific team mailboxes such as accounting@ or application@ – especially the mailboxes that work with confidential data.
Encrypt & Sign Emails: For Secure Email Traffic
Email encryption and the digital signature are two different things – but both are important. As I said, the signature is like a seal on a letter – it is guaranteed that nobody has changed the text along the way. At the same time, the electronic signature ensures that the sender is who he claims to be.
Nevertheless, in theory, the content of the letter is understandable in the way of several – for example, if you hold the sealed letter up to the light. Intending to prevent this, advanced encryption makes sense. This ensures that the letter is put into an opaque envelope so that no one can read the content except the sender and the recipient.
Where Are Electronic Signatures Used?
Initially, the electronic signature was mainly used in public administration and less in the private sector. Thanks to a growing spread in e-commerce, however, the topic is becoming more and more accessible to a large number of people and is gaining in presence and awareness. More and more companies are already using electronic signatures for individual use cases, such as when contracts are signed and sent electronically.