Digitally signing and encrypting e-mails prevents interception, reading and altering of your messages by unauthorized parties. Recipients of your e-mails are assured that the message came from you and was unaltered. If the recipient is also in the possession of a certificate, you can both exchange encrypted e-mails.
Besides signing e-mails, an e-mail certificate can also be used to sign documents. This works by adding a bit of code to the document, which is then used to guarantee the integrity of its contents. Any unauthorized changes by third parties will result in an error message. Using this type of certificate will allow you to easily add a signature to a Microsoft Office document (for example: Word), Excel or Powerpoint. Unlike PDF Signing certificates, this type of certificate is not trusted by Adobe Reader by default. An e-mail certificate is also suitable for authentication purposes within an application, server or network. It can also be used to, for example, safely identify oneself with an online service.
Sending E-mails Securely
S/MIME is the technical standard used to securely send e-mails. It works by using a digital certificate to digitally sign and/or encrypt e-mails. S/MIME has been integrated in most e-mail clients, examples being Microsoft Outlook and IOS 5 for Apple's iPhone. Any digital certificate containing 'digital signature' as a possible key-usage is compatible with S/MIME and as such for e-mail security. A signed and encrypted e-mail can be recognized by a padlock, and a small rosette symbol in the e-mail.
By signing outgoing e-mails using a certificate, you identify yourself, your company, or your department as the sender of the e-mail. It allows the recipient to verify the e-mail actually came from you. Most e-mail clients offer standard settings for signing e-mail. Possibilities herein vary from singing outgoing e-mails by default, to only signing external e-mail, or specific settings for each individual e-mail.
A digital certificate consists of a private- and a public key. The public key of the recipient's certificate is used to encrypt e-mails. The recipient then proceeds to use the private key of his certificate to decrypt the message. By using this method, it becomes possible to exchange confidential e-mails where the guarantee can be given that only the recipient (as the certificate's owner) can read your e-mails. Encryption of outgoing e-mails thus requires the digital certificate of the recipient. After having received your digital e-mail certificate, becomes is possible to send your private key to the persons you mean to exchange encrypted e-mails with. This can be done by sending an e-mail after having signed it digitally, since doing so will automatically cause your public key to be sent to the recipient together with the e-mail. After the recipient has saved your e-mail address in his or her address book it becomes possible to encrypt e-mails to him/her through the Security Options settings.