Import and use digital IDs

These guides describe how to import a digital ID into email programs and other software and how to use it.

• For signing and encrypting emails:

  • with Microsoft Outlook and Microsoft Exchange

  • with Microsoft Outlook Web App (OWA)

  • with Mozilla Thunderbird (outdated guide)

  • with Apple Mail

  • with Evolution

  • on a smartphone or tablet with Android (outdated guide)

  • in PHP scripts

• For proving your identity in the WWW (as a better alternative to a password):

  • with Mozilla Firefox

  • with Microsoft Edge, Chrome, and other browsers under Windows:

    • They use the digital IDs imported into Microsoft Outlook

  • with Apple Safari, Chrome, and other browsers under MacOS:

    • They use the digital IDs imported into Apple Mail

  • with Chromium under Linux:

    • Under Settings → Privacy and security → Security → Manage certificates you find a settings pages that is quite similar to the one provided by Mozilla Firefox

  • in PHP scripts

• For signing PDF documents:

  • with Acrobat Reader or Acrobat Pro

  • in PHP scripts

• For running a TLS server:

  • with the webserver Apache

Further guides are still to be created.

If your software is not listed above, you should consult the guide for Mozilla Thunderbird—most email software works the same way.

If there is a manual for the device or software you are using, you should consult it. Look in the table of contents or in the index for key words like “S/MIME”, “certificate”, “PKCS#12”, “sign”, “signature”, „encrypt“.

(Unfortunately the word “signature“ has two completely different meanings in the email context: It can mean both the footer lines usually containing contact information and the cryptographic signature replacing a handwritten signature.)

According to https://www.pdf-insecurity.org/, most PDF readers, even from Adobe, do not check electronic signatures correctly. There are numerous diffent ways to trick these PDF readers into displaying forged content as genuine!

Obviously PDF internal signatures suffer from conceptual weaknesses. We therefore recommend to no longer trust PDF internal signatures at all.

Exceptions are possible if – as in the university administration – software is used for signature verification that is insensitive to all attacks mentioned on https:/www.pdf-insecurity.org. This must be checked again after each update of this website or the software.