Professional Documents
Culture Documents
Department of Education
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE
User Support Division
Table of Contents
Table of Contents
What is the best email provider to use when encrypting and signing emails?
Through the PKI, the government’s delivery of services to citizens and businesses becomes safer,
faster, and more efficient.
It is not the certificate that you need to protect but the private key that is associated with it.
Hence, in cryptographic tokens, the private key is generated in the token and cannot be extracted
from it.
Soft tokens however store this private key as an ordinary electronic file. It is usually encrypted and
the encryption is computationally infeasible to break.
Nonetheless, this private key, if someone gets a copy of it and also the passphrase to use it, can be
used along with the digital certificate to fraudulently sign documents or open encrypted email.
However, should you choose that option, you will not be able to do the following:
● Authentication certificate – used in applications that require the user to login; it can be used
to encrypt email.
● Signing certificate – used to digitally sign documents.
However, if the private key is lost, compromised or the passphrase to use it is forgotten, then the
certificate needs to be revoked and a new key can be generated as well as the digital certificate that
will be associated with it.
However, if it is a cryptographic token and the company or CA owns it, then it needs to be
surrendered. Individual owners may continue to use the certificates for transactions outside the
concerned agency.
You cannot, for example, lend it to other people or use it to forge documents or commit illegal acts
with it.
Unauthorized and illegal use are punishable according to the severity of the offense. A policy will be
issued detailing the punishment for each administrative or criminal offense committed in the use of
a digital certificate.
This process will take a minimum of one day and a maximum of two days, depending on the
completion of requirements.
After submission of complete documents, the certificate is issued within a day or two. Section 4.2.3
of the RootCA-CP states that the issuance of the digital certificate should not exceed five calendar
days after successful identity verification.
Google Chrome, Microsoft Edge, or other Chromium-based browsers, on the other hand, do not
recognize Java.
What is the best email provider to use when encrypting and signing
emails?
It is recommended to use email providers, such as Mozilla Thunderbird and Microsoft Outlook, for
your digital certificates.