Digitally signing a message means that the message content (text and attachments) is protected against possible manipulation during transmission. It also lets the recipient verify that the message was really sent by the user who claims to have sent it; this verification compares the email address in the From header field with the email address to which the signing certificate applies.
Another verification step checks whether the certificate used to sign the message really identifies the person who claims to be its owner. This is done by verifying that the certificate was issued by a known certificate authority.
Android devices have a set of certificates of known certificate authorities installed in their system, and ProfiMail checks whether the certificate in a signed message was issued/signed by one of these.
Digitally signed messages are similar to ordinary messages: they have readable text and possibly attachments, so an email client that is not aware of digital signatures can still display them. However, they contain additional information holding the digital signature (usually displayed as an attachment if the mail client doesn’t recognize digital signatures), which allows the signature to be verified.
Verifying signed messages in ProfiMail
Verification checks the conditions above and displays the status of the signed message as an icon, with these possible states:
- both conditions match, message is successfully verified
- message was not altered, but the email address of the sender doesn’t match that of the certificate (problem with the identity of the message sender)
- digital signature failed (due to invalid certificate or altered message content)
If there is a problem with the digital signature, ProfiMail adds an artificial attachment named Signature.txt to the message; it contains a textual report with details of why the digital signature is considered invalid.
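The decision described above, as an added Python example (not ProfiMail's own code): it splits a constructed S/MIME message into its readable content and its signature attachment, then maps the checks to the three states. The function names, state labels and sample message are assumptions; the signature and CA-chain results are passed in as booleans from whatever S/MIME library does the cryptographic work, and treating an untrusted issuer as "failed" is an assumption about the third state.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: multipart/signed (S/MIME) message, signature blob shortened.
SAMPLE = """\
From: Alice Example <Alice@Example.com>
To: bob@example.org
Subject: Quarterly report
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Report attached.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""
SIG_TYPES = ("application/pkcs7-signature", "application/x-pkcs7-signature")

def split_signed(raw):
    """Return (From addresses, signed content part, signature part)."""
    msg = message_from_string(raw)
    parts = msg.get_payload()
    if (msg.get_content_type() != "multipart/signed" or not msg.is_multipart()
            or len(parts) != 2 or parts[1].get_content_type() not in SIG_TYPES):
        raise ValueError("not a well-formed multipart/signed message")
    # Take the addr-spec of every From mailbox, never the display name.
    senders = [addr.lower() for _, addr in getaddresses(msg.get_all("From", []))]
    return senders, parts[0], parts[1]

def status(raw, cert_emails, signature_ok, chain_trusted):
    """Map the checks to the three states (labels are hypothetical)."""
    senders, _content, _signature = split_signed(raw)
    # signature_ok / chain_trusted come from the S/MIME library (assumed inputs).
    if not (signature_ok and chain_trusted):
        return "failed"
    allowed = {e.lower() for e in cert_emails}
    # Require exactly one From address and an exact, case-insensitive match.
    if len(senders) == 1 and senders[0] in allowed:
        return "verified"
    return "identity-mismatch"
```
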
Public key stored in signed message
Signed messages typically contain the public key of the sender, which is used to verify the message signature. This allows ProfiMail to automatically save the sender’s public key into the certificate manager for possible later use in encrypting messages for that user.
ProfiMail saves the public key certificate only if there is not already one saved for the sender’s email address, or if the new certificate has a later expiration date than the currently saved one.
Sending signed messages by ProfiMail
To digitally sign your own messages, you have to import a private key certificate into the certificate manager and assign that certificate to a particular account.
When an account has a private key assigned, you can enable message signing in the message composer. This is done in the Send sub-menu by enabling the Sign message menu item. Note that this menu item is available only if the currently selected sending account has a private certificate assigned.