Email encryption with S/MIME
Information in emails can be securely encrypted using the Secure/Multipurpose Internet Mail Extensions (S/MIME) standard so that only the sender and authorised recipients can read it.
S/MIME encryption and decryption requires a user certificate, which confirms your digital identity and ensures the authenticity of your message.
Instructions from ZIM:
- How to request a user certificate (in German)
- How to integrate this certificate in different email clients (in German)
With your S/MIME user certificate you can sign all outgoing emails. This means that each email is provided with a digital signature to confirm its authenticity and to ensure that it has not been tampered with during transmission. This certificate signature is similar to putting a seal on an envelope.
To send encrypted emails to one or more other people, you also need their public S/MIME key.
Two ways to get the public key
Case A: The other person has already sent you an email signed with an S/MIME certificate.
You can then reply directly to this email with an encrypted message.
To send new encrypted emails to the other person in the future, save them as a contact in your email client.
Case B: The authorised recipient has linked their public S/MIME key on their website, e.g. in their contact details.
- Download this key (i.e. the .cer file).
- Create a new contact in your email client, or edit an existing contact, and add the key by clicking 'Add certificate' or similar.
- Save the contact.
Important: Both the sender and recipient need an S/MIME certificate and have exchanged their public key.
