Email Safety: Digital Signatures

A digital signature is a way to verify an email message is truly from the indicated sender and that it hasn't been modified between when the message was sent and when you received it. The digital signature is unique "mark" for the individual.

This is one measure to help prevent falling for phishing messages (sent by an imposter). View more tips on our Think Before You Click page and on phishing.iu.edu.

To get set up with your own digital signature, keep reading.

At IU, the main way to digitally sign email is to use a digital certificate known as an S/MIME (Secure/Multipurpose Internet Mail Extensions) client certificate. Once you get your digital certificate, you can install it on the devices from which you intend to send email (your laptop, mobile device(s), etc.).

Training and support resources

Looking for help with digital signatures at IU? Find what you need:

Quick steps: View "Secure messages with a digital signature (using S/MIME) at IU" on IU Knowledge Base.
Get help now: Contact the Support Center on your campus or your department IT Pros.
Request a training session: Request IT Training come to your class or group to provide a presentation.
View video demos: Scroll down on this page to view how-to videos.

Note: Digital certificates cannot be used with web-based mail clients at this time, such as Outlook Web App or Google Mail in a web browser.

Video demos for installing digital certificates to digitally sign emails

Installing a Digital Certificate using Windows

Description of the video:

[00:00:04]
>> This video will help you install a digital certificate using Outlook 2016 on your PC so you can digitally sign emails that are sent from your IU account. To get started, you'll need the digital certificate file that you've created previously. If you don't have one already, visit the URL on the screen for instructions on how to create your digital certificate.

[00:00:25]
Once you've got your digital certificate, we'll open up Outlook to start the process of installing it. In this video, we'll be starting with the certificate that we emailed to ourselves so we can install it on multiple devices. To start the process of installing the certificate, we'll want to double-click on it.

[00:00:41]
Once we do that, the Certificate Import Wizard will open and walk us through the process of getting our certificate added to our computer. We'll click Next to get started and click Next on the following screen to accept the default settings there. When we get to the Private key protection screen we'll want to check the box, mark this key as exportable, this makes it so we can back up our certificate if we need to.

[00:01:06]
We'll also need to enter the password for the certificate, this is typically the PIN that you chose when initially creating your digital signature. When we're ready, we can click Next. In the following screen we'll accept the default settings and in the last screen we'll click Finish. You should get a pop-up indicating that the installation was successful, Click OK in that dialog box.

[00:01:29]
Now, we'll set up Outlook so it will use our digital certificate to sign our outgoing emails. To do this, we'll click on File in the ribbon and then click on Options. When the Outlook Options window pops up, we'll click on Trust Center and then on the Trust Center Settings button.

[00:01:50]
In the Trust Center Settings window, we'll click on Email Security, now we're ready to add our digital certificate to Outlook. To start, we'll click the checkbox next to add digital signature to outgoing messages, then we'll click on the settings button. In the Change Security Settings dialog box, next to the Signing Certificate field, we'll click the Choose button.

[00:02:13]
That will bring up a dialog box that asks if we want to confirm that our certificate is the one we want to use. We’ll click Okay in this dialog box to continue, we'll do the same thing with the encryption certificate field, we'll click Choose and then click OK in the dialog box that appears.

[00:02:30]
When we're finished adding our digital certificate, we'll click OK at the bottom of this dialog box. We'll also want to publish our certificate to the global address list so that if anyone wants to send encrypted messages to us, they can access our public key to do so. Click on the Publish to GAL button and then in the dialog box that appears, click OK.

[00:02:55]
We did get a dialog box that indicates our certificate was published successfully, click OK in that dialog box. Now we can click OK to close the Trust Center dialog box, as well as the Outlook options dialog box. Outlook will now attach your digital certificate to every email you send on your computer.

Installing a Digital Certificate on an iOS Device

Description of the video:

[00:00:00]
>> [MUSIC]

[00:00:03]
>> This video will help you install a digital certificate on an iOS device, such as an iPhone or an iPad, so you can digitally sign emails sent from your IU email account. To get started, we'll go to the Knowledge Base at kb.iu.edu and search for digital signature.

[00:00:22]
[MUSIC]

[00:00:24]
We'll click on the link for using digital signatures for email on iOS devices. The page that loads contains the instruction you'll want to follow when installing your digital certificate file on your iOS device. In the instructions on the KB, you'll want to highlight the two links in step one, under the heading, Installing on iOS, then copy and paste them into an email that you'll then send to yourself.

[00:00:50]
These links will help you install the additional certificates needed to use your digital certificate. You'll also want to attach the digital certificate you've previously created to that email.

[00:01:00]
[MUSIC]

[00:01:02]
Here is an example email with the links from the Knowledge Base, as well as a digital certificate ready to send to ourselves.

[00:01:09]
[MUSIC]

[00:01:11]
Once you've received the email with the links copied from the Knowledge Base and the digital certificate, you can go ahead and tap the first link to install the first certificate. iOS will ask to open Settings. You'll want to tap Allow to continue. Your device will switch to the Settings app, and show an Install Profile dialogue box.

[00:01:31]
[MUSIC]

[00:01:37]
Once you've entered your pin, you can tap install on the dialogue box that appears, and it will install the first certificate we need for our digital signature to work properly. Next, we'll go back to the Mail app and tap the second link to install the second certificate. The process for installing the second certificate will be the same as the first one.

[00:02:04]
[MUSIC]

[00:02:07]
Once the second certificate is installed, you can go back to the Settings app, and check out each certificate you installed. They should both say verified.

[00:02:17]
[MUSIC]

[00:02:23]
Now you can go back to your email, and install your digital certificate. Tap on the Attach Certificate file to start the installation process. You'll be brought back to the Settings app and another dialog box will appear. You'll want to tap Install at the top right corner of this dialog box.

[00:02:41]
You'll be prompted to enter your pin again. You'll see a warning saying, this profile is not signed. That's okay. Tap on Install in the upper right corner of the dialog box to continue installing the certificate. And then tap Install again in the next dialog box that pops up.

[00:02:59]
[MUSIC]

[00:03:02]
At this point, it will ask for a password for the certificate. This is typically the pin you chose when setting up your certificate. Go ahead and type in the pin and tap Next when you're ready.

[00:03:14]
[MUSIC]

[00:03:15]
Once the installation is finished, you'll see the Profile Installed dialog box. It will still say your certificate isn't signed, but that's okay. Tap Done to move on, and set up your email to use your digital signature. You'll want to switch back to the Settings app, to get your signature set up.

[00:03:34]
If you're in iOS 11, you'll want to go to Accounts & Passwords, in the Settings app. For older versions of iOS, you'll go to the Mail settings. iOS 11 is used in this video. When you're in Accounts and Passwords, tap on Exchange in the list of accounts and then select your account.

[00:03:51]
[MUSIC]

[00:03:54]
A dialog box will pop up. Tap on Advanced Setting to open up the menu where you can set your digital signature. Once in the Advanced Settings, in the S/MME section, make sure the S/MME switch is set to On and that Sign is set to Yes. At this point, when you send an email using your iOS device, it will be signed with your digital certificate.

[00:04:19]
[MUSIC]

Installing a Digital Certificate using MacOS

Description of the video:

[00:00:00]
>> [MUSIC]

[00:00:06]
>> This video will help you install a digital certificate using Outlook 2016 on your MacOS computer so that you can digitally sign emails sent from your IU account. To get started, you'll need the digital certificate file you created previously. If you don't have one already, visit the URL on the screen for instructions on how to create your digital certificate.

[00:00:29]
Once you've got your digital certificate, we'll open up Outlook to start the process of installing it. In this video we'll be starting with the certificate that we emailed to ourselves, so we could install it on multiple devices. To start installing the certificate, you'll want to double click on it.

[00:00:46]
Once you do that, MacOS will ask for the password for your digital certificate. This is typically the pin that you chose when creating your digital certificate. Type in your pin and click OK to move on. The Keychain Access window will open to the "My Certificates" category and show the list of certificates associated with your user account.

[00:01:07]
If you see a certificate with your name in the list, that means your certificate was installed properly. We can go ahead and close this window. Next, you'll need to set up Outlook to use your digital certificate. In order to do this, you'll need to first close and then restart Outlook.

[00:01:24]
[MUSIC]

[00:01:26]
Once Outlook opens again, you'll want to go up to the menu bar and click on Outlook, then click on preferences. The preferences window will open up. From there, you'll want to click on accounts. The Accounts window will open. Click on the Advanced button at the bottom of this window to open up the advanced options.

[00:01:48]
Once the advanced options display, click on Security. In the security options, you'll first want to set what certificate to use for signing messages. In the digital signing section, you'll want to click on the drop down next to certificate and the choose a certificate with your name on it.

[00:02:04]
You'll also want to check the box next to sign outgoing messages. At this point we can also tell Outlook which certificate to use for encrypting messages. In the encryption section, click the drop down next to certificate and choose the certificate with your name on it. However, don't check the box for encrypt outgoing messages.

[00:02:25]
You can choose to encrypt an email when you compose it. The rest of the default settings are fine as they are. At this point you can click OK and then close the accounts window.

[00:02:35]
[MUSIC]

[00:02:37]
Now, when you create a new message in Outlook, your messages will be digitally signed by default, with your digital certificate.

[00:02:44]
[MUSIC]

Installing a Digital Certificate on an Android Device

Description of the video:

[00:00:04]
>> This video. Device such as a Samsung phone so you can digitally signed email account. To get started the digital certificate file you created previously if you don't have one already visit the U.R.L. on the screen for instructions on how to create your ticket. Once you have. You want to.

[00:00:31]
So you have access to it on your Android device. Few things to keep in mind regarding. To use a certificate device. Four point four. And that's not necessarily a guarantee that your. Mail app will support digital signature if your phone doesn't support. But you still want to e-mail you might want to use a paid app for Google Play Store nine is one e-mail app that allows for digital signatures.

[00:01:05]
You also need to set up a lock or a password for storing your certificate on your device in order to make sure that it's secure. With that being said let's walk through the process of setting up. A device there are two. Devices will be demonstrating both methods in this video.

[00:01:29]
Phone keep in mind that your interface may look different than what's being demonstrated here. Different places or the interface may look different than what's on your device the step should be the same on the majority of Android devices. The first method starts with installing. And. Using the mail.

[00:01:57]
Once we. Get the. Get Attached we can tap on the certificate to start installing it will be asked for the password for the certificate this is typically the pin you chose when creating. In the next screen that will be given the chance to name your certificate the default name for the certificate is fine for our purposes today but if you wish you can rename it.

[00:02:29]
The use option effective. Once you're ready. And you. Think it was installed now you can set up your email app to sign your emails to do this the settings for the email at. Once in settings. In the list of accounts in the next green scroll down until you see security options underneath advanced settings having.

[00:03:01]
Security Options to contain. In the security options menu. Outgoing emails and then tap done to finish your certificate is now installed and your outgoing. Email indicator to the left of the subject field indicating that. The next method involves installing a certificate that's been downloaded. And is demonstrated using the default mail at.

[00:03:35]
Twenty. To get started you'll want to your devices. In settings down to account. And then tap on that to move to the list of accounts on our device in this look for the entry for Microsoft Exchange to continue. Once you're in the Microsoft Exchange settings menu email settings.

[00:03:59]
In the. Email settings menu under the accounts and sync cap on your account this will bring us to the e-mail setting specific for our account will scroll down until we see the security settings menu item tap on that to continue. In the security settings menu most options will be greyed out until we install the certificate we want to tap on certificate at the bottom to start installing are.

[00:04:27]
At this point our device will tell us we currently don't have any certificates but we can install one if we wish. To continue if your certificate is downloaded to your devices internal storage your phone should automatically detect it and ask for you to enter the password for the certificate again this is the pin you chose when initially creating your certificate.

[00:04:51]
And continue. Next were given the option to give our certificate for our purposes we'll use the default but if you wish you can rename yours when we are ready we can continue will be private to the select certificates your certificate should show up in that list and should already be selected.

[00:05:15]
To allow your device to use that certificate. Next will want to tap the switch next to signature to have our sign our outgoing messages with our digital certificate now if we send our emails will be signed in the mail app for the twenty you'll see an indicator to the right side of the subject field that indicates your email will be signed when Thank.

[00:05:48]
You.