SIT_Logo

How to Exchange Encrypted E-Mail with Fraunhofer Staff

We support S/MIME with X.509 certificates as well as PGP. Most e-mail programs today support S/MIME. X.509 certificates for use with S/MIME are typically issued by a certification authority. PGP on the other hand often requires add-on software but allows its users to create their key pairs without the help of others. encrypted email

Key Exchange

With both solutions you will need our public keys before you can send encrypted messages to us. We will send you our public keys on request, or you can download them from the Web.

Using S/MIME

Fraunhofer operates a corporate public-key infrastructure (PKI). There are three ways to obtain our X.509 keys. To verify their validity you will also have to download the root certificates of our corporate PKI and the Telekom PKI.

Option 1: Use the links we provide on this Web site in the People section.

Option 2: Contact us and request a signed message to be sent to you. This message will contain the sender's public keys. Certificates will be imported into the keystore of your e-mail program automatically in most cases.

Option 3: Go to http://contacts.pki.fraunhofer.de/partner/searchEmployeeCert.asp?language=EN and search for your contact person in the directory. If a certificate exists for this person you will see a link labeled Zertifikat that allows you to download it. Use the save-link-as function of your browser to save the certificate to a file with the extension .cer. You will have to import the certificate into you e-mail program's keystore manually.

To send your own public keys to us please send a signed e-mail message to your contact person(s) or provide us with details where and how to download your X.509 certificate.

Using PGP

Most of our staff are equipped with individually created PGP keys. There are two options to exchange PGP keys:

Option 1: Download keys from a PGP key server

Option 2: Contact the person and ask for key exchange by e-mail.

In both cases you should mutually verify the keys' fingerprints through a different channel, e.g. over the phone.

You may send your own public key to us by e-mail or simply inform us about the key ID after you uploaded it to the PGP key server network.

More Information on E-mail Encryption