Understanding the methods for securing your email

The term “secure email” can be interpreted in different ways based on how you may wish to secure your email communications. Here are some guidelines that you can use when selecting a certificate for securing your email:

Digital Signing

You can digitally sign emails so that the recipient can confirm the identity of the sender.  This can be done in two different ways:

  • If you want the recipients of your emails to know that you as a person signed the email, then you will need to use an identity-based certificate to sign your emails.  Identity-based certificates validate the person who is named in the certificate.
  • If you want the recipients of your emails to know that your email came from a validated email account, then you can use an S/MIME certificate.   S/MIME certificates only validate the email address that is named in the certificate.

Email signing requires a certificate that contains a signing attribute.  When you select a certificate for securing email by using digital signing, IdenTrust will only offer you certificates that contain the signing attribute.

Non-Repudiation

Non-repudiation means that when something is signed using an identity-based credential, that signature is legally binding and cannot be repudiated or refuted. Email signing, when non-repudiation is needed, requires an identity-based certificate that contains a non-repudiation attribute. When you select a certificate for signing email using identity-based certificates that provide non-repudiation, IdenTrust will only offer you certificates that contain the non-repudiation attribute.

Please note that S/MIME certificates cannot be used for non-repudiation.

Encryption

  • If you have the public key for a recipient, you can also encrypt the contents of the email sent to that individual.
  • Likewise, if you would like others to send you encrypted emails, you will need to share your public key with them before they can send you an encrypted email.
  • The most common encryption algorithms, including AES, 3DES and RC2, are supported.

Email encryption requires a certificate that contains an encryption attribute.  When you select a certificate for securing email through encryption, IdenTrust will only offer you certificates that contain the encryption attribute.
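
To check which of the three uses above a given certificate permits, the following added example (not IdenTrust code) decodes the DER value of an X.509 keyUsage extension. It assumes that the signing, non-repudiation and encryption "attributes" described on this page correspond to the RFC 5280 keyUsage bits digitalSignature, nonRepudiation and keyEncipherment/keyAgreement; the sample byte strings are constructed for illustration.

```python
# Added example: decode an X.509 keyUsage extension value (RFC 5280, 4.2.1.3).
# Assumption: the page's signing / non-repudiation / encryption "attributes"
# correspond to the keyUsage bits named below.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

def decode_key_usage(der: bytes) -> set:
    """Return the keyUsage names asserted in a DER-encoded BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    # keyUsage is at most 2 content bytes, so only short-form lengths are valid.
    if der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("length byte does not match the data")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(payload) * 8 - unused
    names = set()
    # Bit 0 is the most significant bit of the first content byte.
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if payload[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def email_capabilities(der: bytes) -> dict:
    """Map keyUsage bits onto the three email uses described on this page."""
    usage = decode_key_usage(der)
    return {
        "signing": "digitalSignature" in usage,
        "non_repudiation": "nonRepudiation" in usage,
        # RSA keys use keyEncipherment; EC keys use keyAgreement.
        "encryption": bool(usage & {"keyEncipherment", "keyAgreement"}),
    }

# Constructed sample values (not taken from any real certificate).
SAMPLES = {
    "sign + non-repudiation": bytes.fromhex("030206c0"),
    "sign + encrypt": bytes.fromhex("030205a0"),
    "encrypt only": bytes.fromhex("03020520"),
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        print(label, sorted(decode_key_usage(der)), email_capabilities(der))
```
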


IdenTrust offers a portfolio of digital identity certificates that can be used to secure email

Depending on the type of certificate used to secure your email, you can achieve a variety of benefits:

  • Ensure the integrity of communications at rest and in transit
  • Confirm to a recipient that the email is definitely from a known sender or email address
  • Lock the contents of a message to prevent tampering during transit

IdenTrust provides a variety of digital certificates that can be used to secure email communications:

Publicly Trusted TrustID® Certificates

  • Are publicly trusted
  • Include an S/MIME email certificate offering
  • Are available with software and hardware (i.e., smart card or USB token) storage options
  • Offer competitive pricing

There is a TrustID digital certificate to meet every need.  Learn more about TrustID certificates.

Federal Bridge Certified IdenTrust Global Common (IGC) Certificates

  • Are cross-certified with the U.S. Federal Bridge Certification Authority (FBCA) and are government trusted
  • Can also be used for Electronic Prescriptions for Controlled Substances (EPCS) prescribing
  • Are available with software and hardware (i.e., smart card or USB token) storage options
  • Offer competitive pricing

When non-DoD government trust is required, IGC offers the ideal certificate solution.  Learn more about IGC certificates.

Department of Defense Trusted ECA Certificates

  • Are trusted by the Department of Defense (DoD)
  • Can also be used to access secure DoD websites
  • Are offered in multiple assurance levels
  • Are available with software and hardware (i.e., smart card or USB token) storage options

For government contractors and others who communicate with the DoD, this is the ideal certificate. Learn more about DoD ECA certificates.


About Certificate Storage Options

To provide a high degree of flexibility, security and portability, IdenTrust digital certificates can be stored in either the certificate store of your browser or in hardware (i.e., a smart card or USB token).

  • When certificates are stored in the certificate store of your browser, you may only use the certificate from the single computer that it is stored on.
  • For additional security and portability, certificates can also be stored in hardware (i.e., a smart card or USB token).  A hardware-based solution allows you to use your certificate from multiple computers and offers a higher degree of security for your digital certificate.

Based on the security level, some certificate types have a requirement to be stored on FIPS-approved hardware that is provided by IdenTrust.  In these cases, use of a software-based certificate is not allowed.  Information on each certificate type and the allowed certificate storage mechanism is provided in this section of the IdenTrust website.

It is important to know the type of program you wish to be compliant with so that you purchase the correct certificate.


About Certificate Integration with Email Clients

For ease of implementation, IdenTrust digital certificates seamlessly integrate with standard email clients including:

  • Microsoft® Outlook and Outlook Express
  • Microsoft® Outlook for Mac
  • Mozilla® Thunderbird
  • IBM® Lotus Notes Mail
  • Apple® Mail

IdenTrust also offers instructions on how to integrate and use your digital certificate on many of these email clients. Visit our How Do I library to learn more about how to use certificates with your email client.