Encryption and digital signatures

ProfiMail supports advanced security using the standard S/MIME mechanism.

The following four functions are provided:

  1. Digitally signing sent messages
  2. Checking the digital signatures of received messages
  3. Encrypting messages sent to other users
  4. Decrypting received messages

Keys and Certificates

For these functions to work, the system uses public and private certificates.

Why use cryptography for email?

You may not need it at all if you're just sending ordinary mail to your family or think that you have nothing to hide.

However, you may also find the security of mail communication to be essential for you. Maybe you are working for a corporation that needs to keep its secrets really secret, or you're just tired of the news that someone is always scanning all your mail communication.

What is the difference between SSL/TLS and S/MIME?

You may ask why you'd need encryption/signatures if you're already using SSL/TLS for communication with your mail server.

While both of these systems use similar cryptography, the difference is in what is actually encrypted. When using SSL/TLS, the connection to your mail server is encrypted while you send or receive mail. So, for example, your Wi-Fi router won't be able to see or grab the communication traveling through it, and neither will your mobile Internet provider. However, your mail server will receive the decrypted mail, and can do anything with it.

With S/MIME, the situation is different. Encryption and decryption happen between the real end-points of mail communication (sender and receiver, real persons), directly on the devices that they use to send and receive mail. Only the software where you install your private key is able to digitally sign your sent messages or decrypt received messages. This limits the possibilities for a man-in-the-middle attack.

What happens when using S/MIME with public mail providers

It is possible to use cryptography with mail services such as Gmail, Yahoo, Hotmail and similar. Your messages will be saved in encrypted form on their servers, and only you will be able to decrypt them - on a device where you have saved your private key.

This implies one limitation: you won't be able to see the content of encrypted messages in the web interfaces of these mail services. Such messages will be unreadable there, showing a strange attachment instead of the real message content. The reason is that these mail services don't have the capability to use S/MIME security in their web mail clients. This is a good thing: if they did, you'd have to upload your private certificate to their server for it to work, and you'd end up with only an illusion of security, because you would have handed your private certificate to another company.
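The "strange attachment" described above can be recognised from MIME headers alone. The following is an added example, not part of ProfiMail or of the original page: it classifies a stored message the way a mail server or web interface sees it, without any private key. The function name and the sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def classify(raw: bytes) -> dict:
    """Describe a stored message from the mail server's point of view."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Outer headers such as Subject stay readable to the server in every case.
    info = {"subject": str(msg["Subject"]), "kind": "plain",
            "needs_private_key": False, "attachment": None}
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        smime_type = str(msg.get_param("smime-type") or "").lower()
        info["attachment"] = msg.get_filename()
        if smime_type in ("enveloped-data", "authenveloped-data"):
            # Body is ciphertext; webmail can only offer it as a download.
            info.update(kind="encrypted", needs_private_key=True)
        elif smime_type == "signed-data":
            info["kind"] = "signed-opaque"  # wrapped and signed, not confidential
        else:
            info["kind"] = "pkcs7-unknown"
    elif ctype == "multipart/signed" and str(msg.get_param("protocol") or "").lower() in PKCS7_SIG:
        info["kind"] = "signed-clear"  # readable text plus a detached signature
    return info

# Constructed sample messages (payloads are placeholders, not real CMS data).
ENCRYPTED = b"""\
Subject: Q3 numbers
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"

Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=
"""
CLEAR_SIGNED = b"""\
Subject: Lunch
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"

--b1
Content-Type: text/plain

Lunch at noon?
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"

AAAA
--b1--
"""
```

Note that the subject line of the encrypted sample is still reported: S/MIME encryption covers the message body, while the outer headers remain visible to the mail server.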

See also: digital signatures, mail encryption