With the MailSealer you can sign and encrypt emails for sending.
The REDDOXX Appliance provides two different methods divided into 2 product groups.
The MailSealer Light encrypts on the basis of a passphrase (symmetric):
The MailSealer encrypts and signs according to S/MIME on the basis of X509v3 certificates or key pairs (asymmetric):
With signed E-Mails, the recipient can check, if the email was delivered without any change on the way from sender to recipient and if the E-Mail is indeed from the sender.
For signing an E-Mail, a valid private sender certificate and a valid and complete certificate chain (intermediate / root issuer certficate) is required.
The private sender certificate needs to have to include "digital signature" as Key Usage.
When signing an E-Mail, a hash value (checksum) over the E-Mail document is generated and then encrypted using the senders private key.
The so signed E-Mail includes the original document, the encrypted checksum and the senders public key.
For validating an E-Mail Signature, a valid public sender certificate and a valid and complete certificate chain (intermediate / root issuer certficate) is required.
The receiving system can validate the delivered checksum against the checksum that is created with the delivered E-Mail and the senders public key.
If the checksums match, the E-Mail has not been manipulated on the transmission.
For encrypting an E-Mail via S/MIME, the recipients public certificate, the senders private certificate and valid key chains are required.
The private certificate has to provide "digital signature" and "key encipherment" as Key Usage.
For decrypting an E-Mail via S/MIME, the recipients private certificate, the senders public certificate and valid key chains are required.