Secure email - Digitally sign and encrypt emails

Target group: Employees Topic: IT help, Email

On this page you will find information on how you as an employee at NTNU can sign and encrypt your e-mail.

Email is a communication channel where it is easy to pretend to be someone else. One way to make it more secure is digital signing. A certificate can be linked to an email address and a key, so that when a person has signed an email with their key, your email client can verify the signature and confirm that the sender is who they claim to be.

This guide assumes that you are using Windows; some of the steps may be a bit more complicated on other platforms.

Backup

Before you start using certificates and sending encrypted e-mail, make sure you have a backup of the certificate with its private key. See how to create a backup in this guide: How to backup your digital certificate. Make sure you store it in a safe location. If this key is lost, you will not be able to read encrypted emails.

Create and download your digital ID to send digitally signed email

  1. Open your browser (note: the following steps only work with Internet Explorer) and go to: www.digicert.com/sso
  2. Type «Feide» as SSO Provider and hit Start single sign-on
  3. Type your username and password and Login
  4. On the next page push Yes, continue
  5. Choose Premium and the validity period you prefer (1, 2 or 3 years), then click Request Certificate
  6. Click Yes in the next dialogue window. Your certificate is now ready for use.

Enable digital signature in Outlook

  1. Open Outlook
  2. Click File > Options > Trust Center
  3. Click Trust Center Settings…
  4. Choose Email Security on the left side.
  5. Choose Settings under Encrypted e-mail
  6. Choose My S/MIME Settings (email address)...
    1. Click OK if your email address is shown under Security Settings Name
  7. Mark Add digital signature to outgoing messages under Encrypted email
  8. Click OK, followed by another OK

Verify digital email signature

  1. Open Outlook
  2. Click New Email
  3. Click the Options pane and check that Sign is checked under Permission
  4. Send a test email to someone who can verify that your digital signature is working.

If a red ribbon appears on your email to the recipient, you've done everything right.

Publish your digital ID to the Global Address List (GAL)

  1. Click File > Options > Trust Center
  2. Click Trust Center Settings
  3. Choose Email Security on the left side
  4. Click Publish to GAL...
  5. A dialogue window will appear with a message like "Your certificate...success"; click OK
  6. Close all windows. You’re done!

Encrypt e-mail

Encrypting your e-mail adds a layer of security that is effective against surveillance and unauthorized access.

This procedure will only work if both you and your recipient have acquired and published your digital IDs to the Global Address List (GAL).

  1. Create an e-mail as you normally would
  2. Select the Options tab and choose Encrypt
  3. Write your e-mail as you normally would and send it. If you get an error message, there might be a problem with your or your recipient's digital ID.

Use the same certificate on multiple PCs

In order to send signed e-mail from multiple PCs, only one certificate per user is needed. Once a certificate is installed, you can export this from Outlook, then import it to other PCs (you can move the certificate, for example, using a pen drive). To export and import a certificate, follow these steps:

Export a certificate in Outlook

  1. Open Outlook
  2. Click File > Options > Trust Center
  3. Click the button marked Settings...
  4. Choose Email Security
  5. Click Import/Export
  6. Select Export your Digital ID to a file
  7. Click Select and you will see a dialog window pop up with your certificate > Click OK
  8. Click Browse to choose where you want to save your certificate
  9. Choose a password, enter it twice > Click OK

You have now saved your certificate with password protection. You should save the certificate in a safe location. If you want to use it on another device, you can, for example, copy it to a pen drive.

Import a certificate in Outlook

  1. Locate your certificate that you have exported
  2. Right-click on it and choose Install PFX and an install wizard will start
  3. Choose Current User under Store Location
  4. Press Next until you are asked to enter a password
  5. Enter the password used when you exported your certificate
    - If you want to be notified whenever the certificate is to be used, choose Enable strong private key protection (not recommended)
    - If you want to be able to export the certificate for reuse, choose Mark this key as exportable (recommended)
  6. Press Next, followed by another Next and then press Finish to end this install wizard

You now need to enable the certificate in Outlook. Follow these steps:

  1. Open Outlook
  2. Click File > Options > Trust Center
  3. Click Trust Center Settings…
  4. Choose Email Security on the left side.
  5. Choose Settings under Encrypted e-mail
  6. Choose My S/MIME Settings (email address)...
    1. Click OK if your email address is shown under Security Settings Name
  7. Mark Add digital signature to outgoing messages under Encrypted email
  8. Click OK, followed by another OK

Your certificate should now be installed on your device.
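
To confirm the import before sending a test message, the following PowerShell check lists the certificates in the Current User store and reports whether each is usable for S/MIME with your address. It is an added example, not part of the original guide; the address `user@example.org` and the function name `Test-SmimeCertificate` are placeholders introduced here.

```powershell
# Added example: check that an imported S/MIME certificate can sign and decrypt.
# $Address is a placeholder; pass your own email address.
param(
    [string]$Address = 'user@example.org'
)

$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # Enhanced Key Usage: Secure Email
$EmailNameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName
$EkuType        = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

function Test-SmimeCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$Address
    )
    $problems = @()

    # Without the private key you can neither sign nor read mail encrypted to you.
    if (-not $Certificate.HasPrivateKey) { $problems += 'no private key in this store' }

    # The certificate must be inside its validity period.
    $now = Get-Date
    if ($now -lt $Certificate.NotBefore) { $problems += 'not yet valid' }
    if ($now -gt $Certificate.NotAfter)  { $problems += "expired $($Certificate.NotAfter)" }

    # The address in the certificate must match the sending address (case-insensitive).
    $certAddress = $Certificate.GetNameInfo($EmailNameType, $false)
    if ($certAddress -ne $Address) { $problems += "issued to '$certAddress'" }

    # If an EKU extension is present, it must allow Secure Email.
    $eku = $Certificate.Extensions | Where-Object { $_ -is $EkuType }
    if ($eku -and ($eku.EnhancedKeyUsages.Value -notcontains $SecureEmailOid)) {
        $problems += 'Secure Email usage not allowed'
    }
    return $problems
}

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $problems = @(Test-SmimeCertificate -Certificate $_ -Address $Address)
    [pscustomobject]@{
        Thumbprint = $_.Thumbprint
        NotAfter   = $_.NotAfter
        Usable     = ($problems.Count -eq 0)
        Problems   = $problems -join '; '
    }
} | Format-List
```

A certificate reported with "no private key in this store" can verify other people's signatures but cannot sign or decrypt, which usually means the file that was imported did not contain the private key.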

Contact

Orakel Support Services can help if you have questions or if you encounter difficulties.
