
Signing with certificates (EN)

A personal (digital) certificate can be thought of as a "digital identity card" that is used to secure electronic communications, authenticate to network services, etc. Certificates are based on asymmetric cryptography, where two different keys, a private one and a public one, are used for encryption and decryption. A digital certificate is then a public key enriched with its owner’s identifying information and signed by a so-called certificate authority that guarantees its trustworthiness.

Warning:

Never give your private key to anyone. The person with your private key can easily impersonate you.

CESNET Personal Certificates

A personal certificate for the school e-mail address is available to all students, staff and associates completely free of charge. This service is provided for us by CESNET and the current issuer of these certificates is COMODO.[1]

To obtain a certificate, follow the procedure on the CESNET website.

E-mail communication

With the use of personal certificates it is possible to either sign or encrypt e-mail communication. Both of these options are provided by the mail client automatically.

Set up the mail client as follows:

  1. If you haven’t done so already, get your digital certificate.
  2. The next procedure varies depending on the mail client you are using.
    Microsoft Outlook (desktop)

    The instructions can be found at Microsoft’s official site.

    Microsoft Outlook (online)

    This option is not supported, please use one of the desktop alternatives.

    Thunderbird

    The instructions are located on a separate page.

    Apple Mail

    The instructions are located on a separate page – iOS, macOS.

  3. In case of problems, contact Support.

Signing

Emails as such are not foolproof; virtually any information in the header of an e-mail, including the sender’s address, can be spoofed quite easily.[2] This means that even if you get an e-mail from a faculty domain, you cannot be sure that the sender is actually the person to whom the e-mail address belongs!

This is the problem that trusted digital signatures solve. They make it easy to verify that the e-mail was actually sent by the person it claims to come from, and that it has not been altered or damaged in any way along the way. The actual signing and verification of the signature is done automatically by the e-mail client.

However, the electronic signature does not guarantee the secrecy of the message (encryption)!
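The three properties described above can be checked by hand with the OpenSSL command line. This is an added example, not part of the original page: it uses a throwaway self-signed certificate (a constructed test identity, not one issued through CESNET), and the function name `smime_demo`, the address and the message text are made up for the illustration.

```shell
#!/bin/sh
# Sign a message with S/MIME, show that the body stays readable,
# then show that verification fails once the body is altered.
smime_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Constructed test key pair and self-signed certificate (valid 1 day).
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Test User/emailAddress=user@example.org" \
            -keyout key.pem -out cert.pem 2>/dev/null || exit 1

        printf 'Exam is moved to Friday.\n' > msg.txt

        # Sign: the result is a multipart/signed message whose body is clear text.
        openssl smime -sign -in msg.txt -signer cert.pem -inkey key.pem \
            -out signed.eml 2>/dev/null || exit 1

        # A signature is not encryption: the text is still visible in the file.
        if grep -q 'Exam is moved to Friday' signed.eml
        then echo "readable=yes"; else echo "readable=no"; fi

        # Verify: the self-signed test certificate serves as its own trust anchor.
        if openssl smime -verify -in signed.eml -CAfile cert.pem \
            -out /dev/null 2>/dev/null
        then echo "original=valid"; else echo "original=invalid"; fi

        # Change one word of the signed body, as an alteration in transit would.
        sed 's/Friday/Monday/' signed.eml > tampered.eml
        if openssl smime -verify -in tampered.eml -CAfile cert.pem \
            -out /dev/null 2>/dev/null
        then echo "tampered=valid"; else echo "tampered=invalid"; fi
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

Calling `smime_demo` prints one line per check; a mail client performs the same verification, but against the certificate authorities it already trusts rather than a test certificate.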

Encryption

Encryption is used to keep the contents of a message secret.

Make sure you have the public key of the recipient(s) you want to encrypt the message for. Otherwise, the message cannot be encrypted and you must first obtain the recipient’s public key.

Decryption can then only be performed by the end recipient with a valid certificate (performed automatically by the e-mail client).


[1] Its root certificates are included in the basic set of certificates included in systems and web browsers, so they are considered trustworthy.
[2] This is widely exploited by scammers, especially through methods known as phishing, where they try to con trusting users out of their passwords, etc.