What is a certificate and what is it used for?

Last modified by Mingqi Han on 2023/07/27 08:37


This wiki article briefly explains how to encrypt e-mails with certificates and why encrypting your e-mail is worthwhile.

1. What is encryption?

When someone sends an e-mail, it is sent in plain text. This is comparable to a postcard: the e-mail can be read by anyone who handles it while it is being sent and delivered to the recipient (e.g. your e-mail service, such as Yahoo or Google Mail, or attackers who intercept it in transit).

As an example, the following illustration shows the communication between Alice and Bob:


In our example, Alice wants to send an unencrypted e-mail to Bob. Once Alice clicks Send on her device, her e-mail leaves for the Internet in plain text and travels from her provider's e-mail server to Bob's provider's e-mail server. From there, Bob's device downloads the e-mail and Bob can read it on his computer. During each of these steps, Alice's e-mail can be read by anyone involved, including the e-mail service providers.

2. Why should I encrypt my email?

To protect your privacy and any confidential data, e-mails can be encrypted. Encryption transforms the plain text of your e-mail into seemingly random strings that cannot be deciphered by third parties who intercept the e-mail.

If we look at Alice's example again, this time with Alice sending an encrypted e-mail, the differences are immediately noticeable:


Still on Alice's device, her e-mail is converted from plain text into an illegible string (represented by the red padlock symbol in the illustration) and from there, as in the first example, sent from e-mail server to e-mail server before Bob downloads it to his device. Only on Bob's device can the e-mail be decrypted and the unreadable string converted back into plain text. Should the e-mail be intercepted at any point along the way, the interceptor would not be able to read it, because the text exists only as random-looking strings.

3. What is S/MIME?

S/MIME is a term used in connection with encryption and signing and stands for 'Secure / Multipurpose Internet Mail Extensions'. It is the commonly used standard for signing and encrypting e-mails.

4. Difference between public and private key

The university uses a so-called asymmetric encryption method. In concrete terms, this means that two different keys, so-called certificates, are required: one for encryption and one for decryption. One of them is called the private key and the other the public key, and the two are mathematically related. The private key is a secret that remains with its owner and is never passed on, whereas the public key is given to anyone who wants to send that owner an encrypted e-mail. The important property is that an e-mail encrypted with the public key can only be decrypted with the corresponding private key. Thus an e-mail encrypted with the recipient's public key (e.g. Bob's) can only be decrypted and read by the owner of the private key (i.e. Bob himself).
We will explain the situation again using Alice's example:


When Alice encrypts her e-mail, Bob's public key, which is openly available, is used to make the plain text illegible. Bob then uses his private key to decrypt the e-mail.

5. How do I get public keys from others?

As already explained, the recipient's public key is needed for encryption, but how do you obtain it? In general, the owner of the private key (Bob) must send his public key to the sender (Alice) himself so that the sender (Alice) can encrypt e-mails to him. In current e-mail programs it is usually sufficient for Bob to send Alice a signed e-mail: the signed message carries his certificate, and Alice's e-mail program stores the public key from it for later use.

As this becomes more and more laborious as the number of recipients grows, the university runs an LDAP server that makes users' public keys freely available, so that encrypted e-mails can be sent without much effort. Instructions on how to integrate the LDAP server into your own e-mail program can be found here: https://wiki.ito.cit.tum.de/bin/view/Informatik/Helpdesk/LdapZertifikate