skip to content

Encrypting and signing of e-mails with S/MIME

Please note that due to the closed RRZK helpdesk, personal certificates can currently only be applied for on site with significantly increased effort! If you still absolutely need a personal certificate, please contact immediately after submitting the application.

S/MIME (Secure Multipurpose Internet Mail Extensions) is a standard for encrypting and signing e-mails.

Certificates for the use of S/MIME can be requested by employees of the University of Cologne (except for students) at the RRZK.

Function principle of S/MIME

With an S/MIME based encryption, a matching pair of private and public keys is generated for every user.

The publich key is certified by the certificate authority (CA) and will be send to to the user via e-mail.

The private key is automatcally generated in the browser during the registration.

With the help of those two keys, confidentital information and data can be exchanged with other S/MIME users in two different ways:

  • Sender A encrypts a message with the public key of recipient B. Then only B can decrypt and read the message with his or her private key. 
  • Sender A provides a personal signature for the message which can be made with the help of a private key. Recipient B verify the identity of A with his or her public key.

Contrary to PGP and GnuPG no "web of trust", where both parties confirm each others trustworthyness, is established. Instead the public keys are provided by central directory services of the certificate authority. Thus it is of importance if the certificate authority is rated trustworthy by browsers and e-mail clients.

Applying and usage of a certificate

Before a certificate can be used, it must first be applied for.

Afterwards it can be used, for example in e-mail clients or in Adobe Reader.

Further information concerning the electronic signature can be found here: electronic signature.

If you have any questions or problems, please contact the RRZK-Helpdesk