Bitte aktivieren Sie JavaScript in Ihrem Browser, um alle Funktionen dieser Seite nutzen zu können.
You need to activate JavaScript in your browser to use all the functions on this page.

Zertificon Blog

We provide encryption solutions and write about 'Secure Business Communications'.


What are email key pairs and certificates, and how are they used?

Companies dealing with email encryption and digital signatures will inevitably confront the issue of keys and certificates. This article briefly overviews the S/MIME certificate standard, which is widely used in the corporate world.

From public key to S/MIME certificate

  1. When you generate a key pair, you create a “private key” and a “public key.” The two keys form a fixed, mathematically dependent pair.
  2. The public key is signed with the corresponding private key and sent to a trust center.
  3. After predefined verification processes, the trust center signs the public key, thereby turning this key into an email certificate. In the certificate, the trust center is subsequently designated as the issuer.
Notice: The private key always remains with the owner/in the company! The email certificate is published and broadly distributed so all potential communication partners can access it.

 email certificate example Z1 Global TrustPointDetails of an email certificate displayed in Z1 Global TrustPoint

In Zertificon’s Z1 Global TrustPoint, you can find user and domain certificates from over 80 sources. These sources include renowned trust centers, companies, and organizations that issue their own certificates.

The functions of the private key and the certificate

By default, the private key has two functions and is used only by the owner of the key:
  1. To digitally sign outgoing emails
  2. To decrypt incoming encrypted emails
The public key/email certificate also has two functions and is used by your communication partners:
  1. To verify the validity of your digital email signatures
  2. To encrypt emails sent to you

You cannot control the use of the certificate. Your scope of influence is limited to the private key! If you provide your communication partners with certificates for validating email signatures, you cannot prevent them from sending you encrypted emails.

In modern cryptography, signature and encryption are inseparable through a mathematical and logical dependency—even if you find some information somewhere on the Internet to the contrary. Read more on Why digital email signatures and encryption go hand in hand.

You can automate all key and certificate management processes with Z1 SecureMail Gateway. Employees not only won’t need to manage their private keys. Z1 SecureMail Gateway comfortably solves the distribution of your certificates and the search and validation of external certificates. Z1 SecureMail Gateway makes the entire certificate exchange process between you and your communication partners automatic and all invisible in the background.

Additionally, Z1 SecureMail Gateway gives you easily customizable rule sets. That way, you can effortlessly define when encryption and signing must happen for individual users, groups, or even on a company-wide level!

Start your request right now to learn more about the benefits of centrally managed email encryption:

WordPress Cookie Plugin by Real Cookie Banner