Employees of the University of Cologne can sign and encrypt documents and e-mails using S/MIME (Secure Multipurpose Internet Mail Extensions). This requires a personal certificate, which can be requested from the RRZK helpdesk. Students are excluded from this service unless they are SHK, WHB or WHK.
What is an electronic signature?
According to the eIDAS regulation, electronic signatures are data that are added to an electronic document to confirm that the document has been signed. From a legal point of view, they are proof that neither the transmitted digital document, nor the associated metadata, nor the signature itself has been changed after it was sent. They also enable the signature creator to prove their identity.
A distinction is made between three levels of trust in the electronic signature:
- simple electronic signature: the originator of the signature is documented, but the identity cannot be proven (more information here)
- advanced electronic signature: the identity of the signer can be verified (e.g. by a DFN personal certificate)
- qualified electronic signature: has the same legal effect as a handwritten signature (Art. 25(2) eIDAS Regulation)
Why is a self-created certificate (for example in Adobe Reader) insecure and not useful?
A self-created certificate does not allow the verifier to tie a signature created with it to your identity as a natural person. Anyone can create such a certificate in the name of any person and enter whatever information they like (e-mail address, organization). This information is not verified and can therefore be manipulated at will. The result is still an electronic signature according to the eIDAS regulation, but the requirements for an advanced electronic signature are not fulfilled, so this type of signature has only limited evidential value. In principle, any person could issue such a certificate for another person and sign with it. Checking the applied electronic signature, however, reveals that a self-generated certificate was used for the signature (see here).
By using a DFN personal certificate for electronic signatures, you are using an advanced electronic signature within the meaning of the eIDAS Regulation (Art. 26) and the signature can be clearly assigned to the certificate holder, since only this person has access to the certificate file including the password and authentication has taken place.
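The difference between the two kinds of certificate can be observed with the openssl command-line tool. The following is an added example, not part of the original page: it builds constructed test material (a stand-in CA that is not the DFN or university CA, and a made-up identity) and classifies each certificate the way a verifier would. The function names are illustrative.

```bash
#!/usr/bin/env bash
# Added illustration. All names, addresses and file names are constructed.

# Print how a verifier sees CERT given the trust anchors in ANCHORS:
#   trusted      chains to a CA in ANCHORS
#   self-signed  issuer equals subject and the certificate vouches for itself
#   untrusted    issued by some CA that is not in ANCHORS
classify_cert() {
  local cert=$1 anchors=$2
  if openssl verify -CAfile "$anchors" "$cert" >/dev/null 2>&1; then
    echo trusted
  elif [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
         "$(openssl x509 -in "$cert" -noout -issuer_hash)" ] &&
       openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
    echo self-signed
  else
    echo untrusted
  fi
}

# Build constructed test material in directory $1: a stand-in CA, a certificate
# issued by it, and a self-created certificate carrying the same identity.
make_demo_certs() {
  local d=$1 id="/O=Example University/CN=Example Person/emailAddress=person@example.org"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "$id" \
    -keyout "$d/issued.key" -out "$d/issued.csr" 2>/dev/null
  openssl x509 -req -in "$d/issued.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/issued.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$id" \
    -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
}

# Both certificates show the same subject; only the chain check tells them apart.
demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
for c in issued self; do
  printf '%-7s %s  ->  %s\n' "$c" \
    "$(openssl x509 -in "$demo_dir/$c.pem" -noout -subject)" \
    "$(classify_cert "$demo_dir/$c.pem" "$demo_dir/ca.pem")"
done
```

The name and e-mail address inside a certificate say nothing by themselves; what counts is whether the certificate chains to a CA the verifier already trusts.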
Applying for a certificate
You can apply for a DFN personal certificate for e-mail signature, encryption and electronic signature via the Certification Authority (CA) of the University of Cologne.
How to do this is described in these instructions: Applying for a certificate
Sign and encrypt e-mails: Configuring the Certificate in the E-Mail Client
How to set up a certificate in your e-mail client and use it to sign or encrypt e-mails is described in this guide:
Instructions: Signing and/or encrypting e-mails
Sign digitally: Use certificate in Adobe Reader & Adobe Acrobat
Before you can sign a PDF document electronically at the advanced level with a DFN personal certificate on a device, some initial settings must be made in Adobe Reader/Acrobat. These are described here:
Once all settings have been made, you can sign PDF documents. How to do this is described here:
An electronic signature must be checked for validity, and the check should rule out any manipulation of the document. It determines whether a valid certificate and the time stamp service were used and that the document was not modified after it was signed. How you can carry out such a check is described here:
If you have any questions or problems, please contact the RRZK helpdesk.