- S/MIME (Secure / Multipurpose Internet Mail Extensions)
S/MIME is a standard for digital signature, email encryption, and two-factor authentication. The standard uses public-key (asymmetric) encryption. The encryption uses two keys, both owned by the email recipient. One key is publicly available. Anyone can find and use this key. It is used only to encrypt the email to be sent to the recipient. The other key is completely private. Only the recipient can use it. It is used to decrypt the email sent to the recipient. The Danish NemID is an example of asymmetric encryption. When Danish tax authorities send you an email, they use your public key to encrypt access. The same goes for your bank, insurance company and others wanting to send you sensitive data through a secured channel. When you receive the message, you log in with NemID. You will find the private key that grants you access to the message on your personal NemID key card.
- A digital signature identifies the sender of an email and flags the email if it is forwarded in a modified version. Additionally, a digital signature makes it impossible for a sender to deny having sent the email. Certificates can be issued with varying authority. Some only verify that you are the owner of a certain email address. Others confirm that you are who you claim to be. An example of the latter is the aforementioned NemID.
- S/MIME email encryption makes it impossible for anyone other than the mail recipient to read the sender’s email. Only the recipient can read the email because only he has access to the private key that decrypts the message.
- Two-factor authentication allows a system to identify a person who attempts to log in. The person is identified not only through a password that he has generated through the system, but also through another device that the system is already familiar with, for example through a verification code sent to your phone.
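
The encryption and signature behaviour described above can be reproduced with the `openssl smime` command. This is an added example, not part of the original page; the three identities (alice, bob, eve), the `example.test` addresses, the file names and the message text are constructed, and self-signed throwaway certificates stand in for certificates issued by a real authority.

```shell
#!/usr/bin/env bash
# Added example: S/MIME encryption and signing with the openssl CLI.
# All identities, file names and message text are constructed for illustration.

# Throwaway key pair plus self-signed certificate for one mailbox.
make_identity() {  # $1 = file prefix, $2 = email address
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Run a command quietly and print "<label>=ok" or "<label>=fail".
check() {
  label=$1; shift
  if "$@" >/dev/null 2>&1; then echo "$label=ok"; else echo "$label=fail"; fi
}

smime_demo() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    make_identity alice alice@example.test   # sender
    make_identity bob   bob@example.test     # recipient
    make_identity eve   eve@example.test     # third party, not a recipient
    printf 'Quarterly figures attached.\n' > msg.txt

    # Encrypt using only Bob's certificate (his public key).
    # -binary keeps the bytes unchanged so the round trip can be compared.
    openssl smime -encrypt -binary -aes256 -in msg.txt -out msg.enc bob.crt
    check bob_decrypt openssl smime -decrypt -in msg.enc -recip bob.crt -inkey bob.key -out bob.out
    check bob_plaintext cmp -s msg.txt bob.out
    check eve_decrypt openssl smime -decrypt -in msg.enc -recip eve.crt -inkey eve.key -out eve.out

    # Sign with Alice's private key; anyone holding her certificate can verify.
    openssl smime -sign -in msg.txt -signer alice.crt -inkey alice.key -out msg.signed 2>/dev/null
    check verify_original openssl smime -verify -in msg.signed -CAfile alice.crt -out /dev/null
    # Change one word of the clear-signed body, leaving the signature as it was.
    sed 's/Quarterly/Falsified/' msg.signed > msg.tampered
    check verify_tampered openssl smime -verify -in msg.tampered -CAfile alice.crt -out /dev/null
  )
  rm -rf "$d"
}

smime_demo
```

Bob's key recovers the message, Eve's key does not, and the signature verifies only on the unmodified mail.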