Secure E-mail Exchange
E-mail is a great way to exchange information easily and rapidly. However, it can also be associated with significant risks when sensitive data have to be exchanged. In the standard configuration of usual e-mail programs, the main risks are as follows:
- Sensitive data might be intercepted and subsequently abused. For example, data might fall into the wrong hands, or might even be modified on the way to the legitimate recipient. Note that by default the data pass through several servers in unencrypted form, so that they may be intercepted e.g. by someone with administrator rights.
- E-mails with a forged sender identity may be used in various ways. It is easy to send e-mails with a forged sender address, and also easy to imagine how this could be exploited to cause damage.
Fortunately, there are ways to basically eliminate these hazards. Being concerned about the security of the customer's data, RP Photonics encourages customers to establish secure e-mail exchange and is prepared to assist in this process.
Establishing Secure E-Mail Exchange
The security hazards mentioned above can be quite reliably eliminated in the following way:
- E-mails can be signed with a digital certificate, e.g. from SECTIGO, which can be validated by most e-mail programs (without any special measures on the side of the customer). Provided that the e-mail program indicates a valid certificate, this assures the recipient that (1) the received e-mails really come from the indicated sender address and (2) the content of these e-mails has not been modified on the way to the recipient.
- Customers can exchange e-mails with RP Photonics in encrypted form, using the same kind of digital ID. E-mail encryption ensures that nobody else can read the information, even if the message is intercepted. (Details are given below.)
RP Photonics is currently digitally signing all e-mails from Dr. Paschotta, and is encouraging anyone to use the certificate for sending encrypted mails to us.
How to Obtain Your Own Digital Certificate
For the exchange of encrypted e-mails and for sending signed e-mails, the customer will need their own digital certificate. It is advisable to get this from one of the well-known certificate authorities, because certificates issued by those are accepted by most software without first installing a certificate of the authority itself. (For example, the Windows operating system comes with a built-in list of trusted authorities.)
Once you have your certificate, just sign your mails with it, and tell us that you would like to receive encrypted mails.
Some Explanations on Using S/MIME Certificates
Some fundamental things you should know about S/MIME certificates:
- In order to receive encrypted messages, you need to have some kind of secret, which enables you but nobody else to read such mails.
- An S/MIME certificate is such a secret. However, it is different from a password which you share with the sender: it contains a public part and a private part. The public part is required and sufficient for anyone to send you an encrypted message which only you can read. For reading it, you need the private part, and that part you should not share with anybody else.
- When you install your certificate into your e-mail client software, what you install contains both the private part and the public part.
- When you send a digitally signed message, that message contains only the public part of your certificate. Therefore, it will enable the recipient to send you encrypted mails, which only you can read.
- Conversely, you will need (as the simplest solution) to receive such a digitally signed mail from your communication partner so that you can send encrypted mails to him or her.
- The detailed handling (e.g. for installation of a certificate, sending encrypted messages etc.) will of course depend on the e-mail client software which you use.
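The exchange described in the list above, together with the two guarantees of a signed e-mail named earlier, can be reproduced with the OpenSSL command line. This is an added example, not a procedure from RP Photonics; the throwaway CA, the names Alice and Bob, the address alice@example.com and both message texts are constructed for the demo.

```sh
#!/bin/sh
# Constructed demo: the CA, Alice, Bob and both message texts are made up.
smime_demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    trap 'rm -rf "$dir"' EXIT
    q() { "$@" >/dev/null 2>&1; }   # run quietly, keep the exit status

    # A throwaway CA stands in for a commercial certificate authority.
    q openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout ca.key -out ca.crt || exit 1
    # Alice's digital ID: alice.key is the private part, alice.crt the public part.
    q openssl req -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr \
        -subj "/CN=Alice/emailAddress=alice@example.com" || exit 1
    q openssl x509 -req -in alice.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 1 -out alice.crt || exit 1

    # Alice sends a signed mail; it carries alice.crt but never alice.key.
    printf 'Please ship 100 units.\n' > msg.txt
    q openssl smime -sign -text -in msg.txt -signer alice.crt -inkey alice.key \
        -out signed.eml || exit 1

    # Bob trusts only the CA. A successful check also saves the signer's certificate.
    if q openssl smime -verify -in signed.eml -CAfile ca.crt -signer from_mail.crt
    then echo "signed mail: accepted"; else echo "signed mail: rejected"; fi
    # The address bound to that certificate is what Bob compares with the From line.
    echo "certified address: $(openssl x509 -in from_mail.crt -noout -email)"

    # The same mail with one number changed in transit must fail the check.
    sed 's/100 units/900 units/' signed.eml > tampered.eml
    if q openssl smime -verify -in tampered.eml -CAfile ca.crt
    then echo "tampered mail: accepted"; else echo "tampered mail: rejected"; fi

    # Bob encrypts his reply using nothing but the certificate from the mail.
    printf 'Confirmed.\n' > reply.txt
    q openssl smime -encrypt -aes256 -in reply.txt -out reply.eml from_mail.crt || exit 1

    # Alice's private key opens the reply; a different key pair does not.
    plain=$(openssl smime -decrypt -in reply.eml -recip alice.crt -inkey alice.key \
        2>/dev/null | tr -d '\r')
    echo "alice reads: $plain"
    if q openssl smime -decrypt -in reply.eml -recip ca.crt -inkey ca.key
    then echo "other key: opened"; else echo "other key: refused"; fi
)

smime_demo
```

Comparing the certified address with the address shown in the From line is what catches a validly signed mail sent from a slightly modified address.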
How to Obtain the Digital Certificate of RP Photonics
You can obtain an e-mail from RP Photonics which is signed with our certificate. Your e-mail client can then use that certificate for sending encrypted e-mails to us.
A Simple Alternative
Of course, one may exchange sensitive information simply in the form of attachments which are encrypted with some other kind of software. For example, the program VeraCrypt (a successor of the no longer maintained TrueCrypt) can be used, which is available for free, simple to handle and rather secure. The key to encrypt and decrypt the information may then be agreed on e.g. on the telephone.
While this method is conceptually simple, its main disadvantage is that each message or file to be transmitted must be manually processed with this encryption software.
- Of course, RP Photonics cannot accept any legal responsibility for hazards arising from e-mail exchange (whether it is encrypted or not). However, customers are encouraged to establish secure e-mail exchange and will obtain assistance for that as far as possible.
- Customers have to make sure themselves that they understand the workings of secure e-mail exchange (e.g. using the resources given below), and they are themselves responsible for taking appropriate precautions. For example, they must take care not to undermine their security by mistakes (such as making a private certificate accessible to others, or simply sending an e-mail to the wrong address).
- Of course, RP Photonics has no way to prevent someone from sending unsigned e-mails with a forged sender address of RP Photonics (or signed e-mails with a slightly modified address), e.g. with the intention of phishing or spreading computer viruses and the like. No technical means can eliminate the need for some level of vigilance on all sides.
It is important that customers understand the workings of secure e-mail. Further information on this topic is available via the following link: