
Secure E-mail Exchange

E-mail is a great way to exchange information easily and rapidly. However, it can also carry significant risks when sensitive data have to be exchanged. With common e-mail programs in their standard configuration, the main risks are as follows:

Fortunately, there are ways to basically eliminate these hazards. Being concerned about the security of the customer's data, RP Photonics Consulting GmbH encourages customers to establish secure e-mail exchange and is prepared to assist in this process.

Establishing Secure E-Mail Exchange

The above-mentioned security hazards can be eliminated quite reliably in the following way:

Unfortunately, the use of digital certificates can also introduce technical problems. In particular, some e-mail clients (e.g. Outlook Express) appear to demand a digital signature for any reply to a signed e-mail, and show an error message if the sender doesn't have a digital ID. This has irritated some customers. Therefore, RP Photonics currently no longer digitally signs outgoing e-mails by default.

How to Obtain Your Own Digital Certificate

For the exchange of encrypted e-mails and for sending signed e-mails, the customer will need their own digital certificate. It is advisable to get this from one of the well-known certificate authorities, because certificates issued by them are accepted by most software without first installing a certificate of the authority itself. (For example, the Windows operating system comes with a built-in list of trusted authorities.) For instance, you can obtain a certificate (valid for one year) for ∼20 USD from VeriSign via the website Digital IDs for Secure Email.

Once you have your certificate, inform RP Photonics Consulting GmbH about it by e-mail. Also, please send your public certificate (never the private one!) by e-mail, or indicate the certificate authority used (e.g. VeriSign). Finally, set your e-mail program so that it digitally signs all outgoing e-mails using your certificate.

How to Obtain the Digital Certificate of RP Photonics Consulting GmbH

For the exchange of encrypted e-mails, the customer also has to install the public certificate of R. Paschotta at RP Photonics Consulting GmbH in his or her e-mail program. If the customer's e-mail software can handle S/MIME certificates, the easiest way is to download R. Paschotta's S/MIME certificate here in S/MIME Format (Binary PKCS#7). Alternatively, some e-mail programs (e.g. Netscape Communicator) can integrate VeriSign's directory service, making it easy to download and install another person's certificate. Otherwise, the certificate can be obtained as follows:

After successful installation, you can set your e-mail software so that messages are sent in encrypted form. As only RP Photonics Consulting GmbH is in possession of the private part of the key used, nobody else will be able to decrypt the data.
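
One check worth making before installing a downloaded binary PKCS#7 certificate as described above, shown as an added example that is not part of the original page: inspect the file with the OpenSSL command-line tool and compare its fingerprint with one obtained through a separate channel. The function names, the address `sender@example.test` and the throwaway self-signed certificate are constructed for the demonstration, and the out-of-band fingerprint comparison is an assumption, not a procedure the page prescribes.

```shell
#!/bin/sh
# Added example. All names, addresses and files are constructed for the demo.

# Print subject, issuer, validity dates and SHA-256 fingerprint of the first
# certificate in a DER-encoded (binary) PKCS#7 file.
p7b_summary() {
    openssl pkcs7 -inform DER -in "$1" -print_certs |
        openssl x509 -noout -subject -issuer -dates -fingerprint -sha256
}

# Succeed only if the certificate is unexpired, names the expected e-mail
# address, and matches a fingerprint obtained through a separate channel.
# usage: p7b_check FILE EMAIL EXPECTED_SHA256_FINGERPRINT
p7b_check() {
    cert=$(openssl pkcs7 -inform DER -in "$1" -print_certs) || return 1
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null || return 1
    printf '%s\n' "$cert" | openssl x509 -noout -email | grep -qixF "$2" || return 1
    fp=$(printf '%s\n' "$cert" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2)
    [ "$fp" = "$3" ]
}

# Build a throwaway self-signed certificate and wrap it as binary PKCS#7,
# standing in for a downloaded file. usage: make_demo_p7b OUTDIR EMAIL
make_demo_p7b() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Sender/emailAddress=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl crl2pkcs7 -nocrl -certfile "$1/cert.pem" \
        -outform DER -out "$1/cert.p7b"
}

# Demo: in real use the expected fingerprint is read out by the certificate
# owner (for example over the telephone), not taken from the file itself.
demo_dir=$(mktemp -d)
make_demo_p7b "$demo_dir" "sender@example.test"
p7b_summary "$demo_dir/cert.p7b"
expected=$(openssl x509 -in "$demo_dir/cert.pem" -noout -fingerprint -sha256 | cut -d= -f2)
if p7b_check "$demo_dir/cert.p7b" "sender@example.test" "$expected"; then
    echo "certificate accepted"
else
    echo "certificate rejected"
fi
rm -rf "$demo_dir"
```

The fingerprint comparison is an exact string match, so the expected value must be given in the colon-separated uppercase form that `openssl x509 -fingerprint` prints.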

A Simple Alternative

Of course, one may also exchange sensitive information simply in the form of attachments which are encrypted with some other kind of software. For example, the program TrueCrypt can be used, which is available for free, simple to handle and rather secure. The key to encrypt and decrypt the information may then be agreed on, e.g., by telephone.

While this method is conceptually simple, its main disadvantage is that each message or file to be transmitted must be manually processed with this encryption software.

Responsibilities

Further Information

It is important that customers understand the workings of secure e-mail. Further information on this topic is available via the following links:

© 2008 Dr. R. Paschotta      Last update: 2008-03-18