skip to content

Encrypting and signing of e-mails with S/MIME

Please note that due to the closed helpdesk no personal certificates can be applied for at present!


S/MIME (Secure Multipurpose Internet Mail Extensions) is a standard for encrypting and signing e-mails.

Certificates for the use of S/MIME can be requested by employees of the University of Cologne (except for student assistants and students) at the RRZK.

Function principle of S/MIME

With an S/MIME based encryption, a matching pair of private and public keys is generated for every user.

The publich key is certified by the certificate authority (CA) and will be send to to the user via e-mail.

The private key is automatcally generated in the browser during the registration.

With the help of those two keys, confidentital information and data can be exchanged with other S/MIME users in two different ways:

  • Sender A encrypts a message with the public key of recipient B. Then only B can decrypt and read the message with his or her private key.
  • Sender A provides a personal signature for the message which can be made with the help of a private key. Recipient B verify the identity of A with his or her public key.

Contrary to PGP and GnuPG no "web of trust", where both parties confirm each others trustworthyness, is established. Instead the public keys are provided by central directory services of the certificate authority. Thus it is of importance if the certificate authority is rated trustworthy by browsers and e-mail clients.

Benantragung und Verwendung eines Zertifikats

Von der Beantragung bis zur Verwendung eines Zertifikats sind zwei Schritte erforderlich, die wir für Sie dokumentiert haben:

  1. Beantragung eines Zertifikats bzw. eines öffentlichen Schlüssels
  2. Exportieren/Speichern des Zertifikats

If you have any questions or problems, please contact the RRZK-Helpdesk