Explanatory notes on e-mail security

Why are e-mails encrypted and signed?

A normal e-mail sent via the internet is as public as a postcard: Anybody who is involved in the transport process can read it. The fact that e-mails can easily be tampered with by sending an e-mail under a different name or by manipulating the content is another problem. Encrypting the data and e-mails ensures that only the sender and receiver can read the electronic post. Digital signatures allow the receiver to check whether the e-mail is from the sender (authenticity) and has not been tampered with or changed at a later stage (integrity).


A key is a value, which uses an encryption algorithm to produce encrypted texts, for example. Keys are essentially very long strings of characters. The size of a key is specified in bits. When using keys for encryption, the following applies: The longer the key, the safer the encrypted text.

Mathematically speaking, public and private keys are related, although it is not possible, at the present time, to deduce the private key solely from the public key.


In an environment with public keys it is very important that the key used actually belongs to the desired subscriber and is not a counterfeit. Certificates make it easier to check whether a key really belongs to the indicated owner. A certificate is basically a pass, which allows for the public key to be allocated to a person or an institution to be confirmed, ideally, by a trustworthy institution or person.

Revocation procedure?

A certificate has to be revoked, for instance, if a private key is lost (eg through destruction of the token or deletion of the PSE software), if unauthorised persons are suspected of having access to the private key (eg because the password was compromised) or if the key subscriber is no longer authorised to use it (eg if he/she no longer works for the company or in the case of a change in function of the functional addresses).

The subscriber or his superior can revoke a certificate with the PKI operating unit

  • by telephone
  • by e-mail or
  • in writing.

The following questions should be answered:

  1. What is the user name?
  2. What is the user e-mail address?
  3. What is the certificate's serial number (if available)?
  4. Why is the certificate to be revoked?

An e-mail is sent informing the subscriber about the revocation of the certificate.