How does Secure E-mail work?
The exchange of secure e-mails is based on digital certificates used for both signature and encryption. This means that the certificates practically act as digital passports.
The digital certificate can be used to send electronically signed e-mails. Any modifications in transit can be detected, and the origin of the e-mail can be unambiguously identified. This guarantees e-mail integrity and authenticity.
Encryption is used to send confidential information on a secure basis. Again, the recipient's certificate (public key) is required. Therefore, the public keys must be exchanged prior to the first use of encryption. In the case of S/MIME, the exchange of signed e-mails is usually sufficient. The digital certificate will be available in the e-mail program after automatic or manual import. For PGP, the public PGP key must be sent as an e-mail attachment.
Certification infrastructure
The PKI of Carl Zeiss AG consists of a two-level certification infrastructure with two certification authorities (CAs): the root CA of Carl Zeiss AG and the operational CA for the e-mail gateway.
The root CA is used exclusively to certify other (subordinate) CAs.
The use of the issued certificates is strictly limited to the protection of e-mail communication within the context of Carl Zeiss AG business matters. Any use of these certificates for other purposes is not permitted.
The certificates of the CAs as well as the current revocation lists are available at Certificates.