Ask the Expert

How to keep messages secure with an email digital certificate

I just received an email from a colleague (referring to our malaria relief programs in a number of countries). Strangely, nearly all the country names were removed/deleted from the text. Note that it seems to be only the names of the countries that are interfered with, nothing else. This must have happened while the email was in transit. It's not the first time this has happened. Why do you think this might be happening?

    Requires Free Membership to View

Even though data is missing from your email, if it is not sensitive or of any value, it is unlikely that this is a malicious attack. It could be a formatting problem with one email program not correctly handling or displaying the content received from another email program. To solve this type of problem, you should check your email program's options. For example, if you use Microsoft Outlook, go to Tools, Options and select the Preferences tab. Here you can change the appearance of messages and how they are handled.

If this doesn't solve your problem and you are sure that your emails are being intercepted and interfered with during transit, then you and your colleagues need to use an email digital certificate to sign and encrypt them. This will ensure nobody other than the intended recipient can read them and the recipient will be able to ensure they haven't been tampered with.

A digital certificate comprises a private key that is stored on the sender's computer and a certificate containing the related public key. You can acquire a digital certificate from what's called a Certification Authority (CA), such as VeriSign Inc. VeriSign sells Class 1 Digital IDs for Secure Email for $19.95. These and other digital certificates work with any S/MIME-compliant email clients such as Microsoft Outlook, Outlook Express, Mozilla Thunderbird or Apple Safari.

A digital certificate used for signing and encrypting emails is bound to your validated email address. Recipients of your messages will know they came from your email address and have remained private and unaltered from the time you sent them to the time they are received. A signed email also provides something called non-repudiation, which essentially prevents the sender from denying later on that he/she sent it.

To send your colleague confidential information via email, you'll need a copy of their digital certificate, which is fairly straightforward to obtain. When anyone sends you a digitally signed message, their email application attaches their digital certificate containing their public key to the message. This is done so that the recipient can verify the sender's signature and confirm that the message was not altered. Once your colleague has sent you a signed email, you can save his certificate onto your computer and use his public key to encrypt messages back to him, and vice versa. Your encrypted message will be unreadable to anyone but your colleague. For instructions on how to digitally sign and encrypt an email message using various email programs, there are some good VeriSign step-by-step guides on email encryption.

Of course, be sure to consider the security of your information once it has been emailed to your colleague. Once it is decrypted and read by the recipient, it can be copied or printed without limit, so always consider the nature and sensitivity of an email's contents before sending it. You must also protect the private key associated with your digital certificate, as this is literally the key to your digital identity.

This was first published in July 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: