Secure Email

Introduction

Digital Signature is a secure way to claim genuine sender of an email. The concept is the same as a hand written signature, but it is in digital format.

With the Personal (Smartcard) e-Cert or Personal e-Cert issued by HKUST CA, you can perform the followings:

• Digitally sign your e-mail. This allows the recipient to verify that the message is really from you and that the message has not been altered.
• Digitally encrypt a message to ensure that only the intended party can read it (limited to Personal e-Cert)

You can sign or encrypt your message using any S/MIME (Secure Multipurpose Internet Mail Extension) e-mail client such as Microsoft Outlook, Netscape Messenger, etc. Click here for more information if you are interested on how secure email works.

With the rollout of new HKUST Staff / Student Card, a lot of student already applied for their Personal (Smartcard) e-Cert. In case you have not applied yet, you can easily get your Personal (Smartcard) e-Cert via:

• HKUST Certificate Management System
  

(For users with their own computer and smartcard reader at home, please refer to the web page Preparation for your home computer for the required setup).

Secure Email Tutorials

• HKUST Webmail
  • Sending Signed Message with HKUST WebMail

• Netscape Messenger
• Select your digital certificate with Messenger
• Signing email with Messenger
• Encrypting email with Messenger
• Managing Correspondents' Digital Certificates with Netscape

 
• Microsoft Outlook /Outlook Express
• Select you digital certificate with Outlook
• Signing email with Outlook
• Encrypting email with Outlook
• Managing Contacts' Digital Certificates with Outlook

Reading Messages Signed by HKUST e-Cert

Email users can always read the content of signed messages no matter their email tool supports Secure Multipurpose Internet Mail Extension (S/MIME) specification or not. For example, Pine user will note that there is an additional S/MIME attachment appeared at the end of the message body, in which Pine does not know how to handle it. However, you can still read content of signed message as usual although sender's identity is not being verified.

In order to verify sender's identity who are using the HKUST e-Certs, S/MIME email tools will need to install the HKUST Certification Authority (CA) Certificates. If you are using S/MIME email tool such as Netscape Messenger or Microsoft Outlook, click on the link below on how to install the HKUST CA Certificates:

• Install HKUST CA Certificates

Some email tools (e.g. Outlook Express) will display Security Warning if you are reading signed messages (signed by HKUST Personal e-Cert) without installing the HKUST CA Certificates. However you can always open the message as usual although sender's identity is not being verified.

After you have successfully installed the HKUST CA Certificates, you will note there is a Signed icon displayed with the message if it was digitally signed by a user with a valid digital certificate such as the HKUST Personal e-Cert. You can always view the security information of the certificate by click on the Signed icon. Please refer to the Help page of your email tool for more information on reading signed and encrypted message.

FAQ - General

1. What is "Signed Email"?
2. Do I need to put my digital signature (to sign) on every email?
3. How to send "Signed Email"?
4. Reading Messages Signed by HKUST e-Cert.
5. Why would a signed message show "Unverified Signature" under Messenger?

FAQ - WebMail Related

1. How to send "Signed Email" with HKUST Webmail?
2. There seems no response at the "Please wait, now signing..." screen, why?
3. Is there any limitation on the size of attachment with "Signed Email"?
4. Why is there "Unverified digital signature" message while reading some of the "Signed Email"?
5. Why is there some text / special codes added when I sign message with attachment