FAQ: SecureMail

1. What exactly is being encrypted when we talk about email encryption?

Only the message body of the email is encrypted. Other properties such as the sender email address, recipient email address and the subject of the message (and some other information that makes up the email headers) are not encrypted. This data cannot be encrypted as it is necessary for transporting the email and for communication between email servers. Anything inside the message body is encrypted and cannot be deciphered by anyone except the sender and the recipient.
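To see which parts of a message stay readable in transit, the following added example (not part of the SecureMail service or its documentation) parses an S/MIME encrypted message and a plain one the way a mail server would. The addresses, subject and body bytes are constructed samples, and relay_view is a hypothetical helper name.

```python
import base64
from email import message_from_string
from email.policy import default

# Constructed sample data: placeholder bytes stand in for the real ciphertext.
_OPAQUE = base64.b64encode(bytes(range(48))).decode()
_HEADERS = (
    "From: alice@example.edu\n"
    "To: bob@example.edu\n"
    "Subject: Exam results for review\n"
    "MIME-Version: 1.0\n"
)
ENCRYPTED = (
    _HEADERS
    + 'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    + "Content-Transfer-Encoding: base64\n\n"
    + _OPAQUE + "\n"
)
PLAIN = _HEADERS + "Content-Type: text/plain\n\nThe results are attached.\n"

# Headers that every mail server on the path can read, encrypted or not.
EXPOSED = ("From", "To", "Cc", "Subject")
SMIME_TYPES = ("application/pkcs7-mime", "application/x-pkcs7-mime")


def relay_view(raw):
    """Return what a server handling the message can read (hypothetical helper)."""
    msg = message_from_string(raw, policy=default)
    encrypted = (
        msg.get_content_type() in SMIME_TYPES
        and msg.get_param("smime-type") == "enveloped-data"
    )
    return {
        "headers": {h: str(msg[h]) for h in EXPOSED if msg[h] is not None},
        "body_encrypted": encrypted,
        # An enveloped body is opaque without the recipient's private key.
        "readable_body": None if encrypted else msg.get_content(),
    }


if __name__ == "__main__":
    for label, raw in (("encrypted", ENCRYPTED), ("plain", PLAIN)):
        print(label, relay_view(raw))
```

The subject line appears in both results, so sensitive details belong in the message body rather than the subject.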

2. Does NUS IT issue Digital Certificates for email encryption?

NUS IT issues digital certificates that are signed by VeriSign for email encryption.

I have a problem encrypting an email which I want to send to User A. What could be wrong?

To be able to send encrypted email to User A, the public key of User A must be available to you. This means User A must also have a digital certificate, and the public key must be published somewhere that is easily accessible.

Note that it is not necessary to have the recipient’s public key to digitally sign an email.

3. How can I publish my public key so that others can send encrypted email to me?

Your public key is automatically published to the Exchange Global Address List when you enrol for the certificate.

For users outside the NUS Exchange system, you can send a signed email to the recipient; he/she can then make use of your public key by replying. Outlook users may also store the sender as a contact so that they can initiate an encrypted email in future without needing to reply to a signed email.

4. Can I send encrypted email or a digitally signed email to a Distribution List?

Encryption requires the digital certificates of both sending and receiving parties; therefore it is not possible to send encrypted messages to Distribution Lists, as a Distribution List does not have a digital certificate. It is, however, possible to encrypt a message to be sent to multiple recipients at one time. The email software (e.g. Microsoft Outlook 2003) should split the same email into multiple copies, encrypt each copy with the individual recipient’s public key and send them out. If any recipient’s public key is not available, you will not be able to send the encrypted message to that particular recipient.

5. Why can't I open an encrypted email in my Outlook?

Please make sure you have your eToken plugged into your computer. Without the eToken, you will not be able to open any encrypted email.

6. How long does a digital certificate last?

Your digital certificate is valid for one year.

When your digital certificate is about to expire (about 30 days before expiry), you will receive an email notification to renew your digital certificate. Please follow the instructions in the email to renew your digital certificate.

It is important that you renew promptly before your digital certificate expires. After it has expired, you will not be able to renew your digital certificate. You will then have to apply for a new digital certificate.

7. What happens to my email when my digital certificate expires?

When your digital certificate has expired, you will not be able to sign or encrypt new email. But as long as the expired digital certificate is still in your eToken, you will still be able to read previously encrypted email.

8. Which email clients support the use of my eToken and digital certificate?

Supported email clients include:

Microsoft Outlook

Microsoft Outlook Express

Mozilla Thunderbird

Note: Supported operating systems are Windows 2000 and Windows XP. Other operating systems such as Macintosh and Linux do not have supported drivers from the vendor, so the service cannot be used on them.

9. Can I use my eToken on a computer at home?

Yes. Please refer to the configuration page.

10. Can I encrypt an email to a user who does not have digital certificates?

No, it is not possible to encrypt an email to a user without his/her public key.

11. How can I tell if an NUS user has a digital certificate?

You will receive an error when you send an encrypted email to an NUS user who does not have a digital certificate. Optionally, you may save the user as a Contact in your Outlook; you can then check whether any digital certificate is present under the Certificates tab of the Contact's properties.