Email encryption with S/MIME

Information in emails can be securely encrypted using the Secure/Multipurpose Internet Mail Extensions (S/MIME) standard so that only the sender and authorised recipients can read it.

S/MIME encryption and decryption requires a user certificate, which confirms your digital identity and ensures the authenticity of your message.

With your S/MIME user certificate you can sign all outgoing emails. This means that each email is provided with a digital signature to confirm its authenticity and to ensure that it has not been tampered with during transmission. This certificate signature is similar to putting a seal on an envelope.

To send encrypted emails to one or more other people, you also need their public S/MIME key.

Case A: The other person has already sent you an email signed with an S/MIME certificate.

You can then reply directly to this email with an encrypted message.

To send new encrypted emails to the other person in the future, save them as a contact in your email client.

Case B: The authorised recipient has linked their public S/MIME key on their website, e.g. in their contact details.

1. Download this key (i.e. the .cer file).
2. Create a new contact in your email client, or edit an existing contact, and add the key by clicking 'Add certificate' or similar.
3. Save the contact.

Important: Both the sender and recipient need an S/MIME certificate and have exchanged their public key.

As mentioned above, S/MIME encryption is only possible under certain conditions. If these conditions are not met, you still have the option to transfer information securely:

• Encryption with 7-Zip: You can use 7-Zip to encrypt your files and then send them by email.
• Encryption with Cryptomator: You can use a trusted cloud service in combination with Cryptomator to encrypt and store your files securely.

To find the best method for your needs, please take a look at our comparison chart.