UW Digital ID - Encrypting an Email

This document explains the concept of email encryption and describes the method for encrypting emails.


Encryption works by creating a secure connection between a sender and receiver(s) that will only allow the intended recipients to view the contents of an email. For this to occur, both the sender and receiver(s) must be able to decrypt the message via a virtual 'key'. At UW, Public Key Infrastructure (PKI) certificates are used to encrypt and decrypt messages.

For the process to work, both the sender and receiver(s) must have the necessary PKI certificates installed on their computers. The sender must have the PKI certificate of each receiver who will get the message (Encrypt), and the receiver(s) must have the PKI certificate of the sender in order to read the message (Decrypt). To install the PKI certificate of either the sender or receiver, both parties must exchange a signed email.

The process for getting a PKI certificate through Digital ID: UW Digital ID - Requesting and Retrieving your Personal Digital Certificate

The process for signing emails should be outlined in the KnowledgeBase (https://kb.wisc.edu/) under the search terms 'uw digital id' and the name of your email client (examples: Thunderbird, Mail.app (Mac), Outlook (2011)).


1. Receive a PKI certificate from the UW Digital ID site and configure your current email client to digitally sign/encrypt emails (see above links).

2. Sender and receiver exchange PKI certificates by exchanging signed (not yet encrypted) emails.

3. Install the PKI certificate from the exchanged email.

4. Sender creates a message to a receiver who has exchanged a signed email with them. Sender should have the receiver's PKI certificate.

5. Sender (digitally) signs and then encrypts the message for the receiver. (Outlined in above links for signing/encrypting.)

If all steps above were completed, the receiver will be the only one who can view the message. 

If the message was not signed, or if either sender or receiver did not have the PKI certificate of the other party, then the message will not be viewable to the receiver of the message.
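
The sign-then-encrypt exchange above can be reproduced on the command line with the openssl smime tool. This is an added example, not part of the original document or UW's procedure, and it assumes the openssl CLI is installed. The self-signed certificates, the example.edu addresses and the message text are constructed stand-ins for certificates issued through UW Digital ID.

```sh
#!/bin/sh
# Added illustration, not UW's procedure. Certificates, names and the
# message are constructed throwaways; real ones come from UW Digital ID.
smime_demo() (
    set -e
    dir=$(mktemp -d)
    trap 'rm -rf "$dir"' EXIT
    cd "$dir"

    # Stand-in for obtaining certificates: one key pair + certificate each.
    for who in sender receiver; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$who/emailAddress=$who@example.edu" \
            -keyout "$who.key" -out "$who.crt" 2>/dev/null
    done
    printf 'Meeting moved to 3pm.\n' > body.txt

    # Sender: sign with own private key, then encrypt to the receiver's
    # certificate (which arrived earlier in the receiver's signed email).
    openssl smime -sign -in body.txt -signer sender.crt \
        -inkey sender.key -out signed.eml
    openssl smime -encrypt -aes-256-cbc -in signed.eml \
        -out encrypted.eml receiver.crt

    # Receiver: decrypt with own private key, then check the signature
    # against the sender's certificate from the earlier exchange.
    openssl smime -decrypt -in encrypted.eml -recip receiver.crt \
        -inkey receiver.key -out decrypted.eml
    openssl smime -verify -in decrypted.eml -CAfile sender.crt \
        -out recovered.txt 2>/dev/null

    # Anyone holding a different key must fail to decrypt.
    if openssl smime -decrypt -in encrypted.eml -recip sender.crt \
        -inkey sender.key -out leak.txt 2>/dev/null; then
        echo "decrypted without the receiver's key" >&2
        exit 1
    fi

    # The body must not appear in clear text in the encrypted message.
    if grep -q 'Meeting moved' encrypted.eml; then
        echo "plaintext visible in encrypted message" >&2
        exit 1
    fi
    tr -d '\r' < recovered.txt   # S/MIME canonicalises line ends to CRLF
)

smime_demo
```

The function prints the recovered message only when decryption with the receiver's key and signature verification against the sender's certificate both succeed.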


Keywords: encrypt message lock PKI ready write unlock decrypt decryption
Doc ID: 28154
Owner: Charles C.
Group: Digital ID
Created: 2013-01-16 14:16 CDT
Updated: 2013-11-07 10:29 CDT
Sites: Digital ID, DoIT Help Desk, DoIT Tech Store