• Home
  • Keys and certificates
  • S/MIME and PGP
  • IKB PDFMail

IKB SecureMail

IKB SecureMail services enable us to securely exchange information with our customers and partners.

We support the standards

  • S/MIME
  • PGP (OpenPGP)

Click here if you need information regarding the use of S/MIME and PGP.

We prefer the use of S/MIME over PGP, since PGP has many different standards resulting in various incompatibilities.

In case neither of the two standards is available, we can fall back to a PDF based solution.

Required information at a glance:

Root Keyserver
S/MIME CA-Certificate for S/MIME ldap://keyserver.ikb.de/cn=SafeGuard%20MailGateway%20CA,cn=S/MIME%20Certificates,cn=Public%20Keyserver
PGP CA-Key for PGP ldap://keyserver.ikb.de/cn=OpenPGP%20Keys,cn=Public%20Keyserver

Keys and Certificates

How to get our S/MIME Certificates and PGP-Keys

Please use the follwing keyserver to access our certificates and keys.





Root certificate and PGP master key

Download our root certificate or PGP key to trust all our users certificates or keys automatically.





Revocation information

S/MIME related revocation information is published as CRL (via LDAP) and OCSP.


ldap://keyserver.ikb.de/cn=SafeGuard MailGateway CA,cn=S/MIME Certificates,cn=Public Keyserver



Using S/MIME or PGP

You have an existing public key infrastructure

Please ask your responsible person the send your root certificate, information regarding your keyserver and contact details to security@ikb.de.

You do not have an existing infrastructure

We have set up trust for many certification authorities (see below) and therefore we suggest that you request a certificate from oe of them.

Please note that some authorities offer demo certificates (class 0) that we do not trust.

After setting up the certificate, please send an email to security@ikb.de. Your certificate will then be imported into our system and is ready to be used.

To tell your computer to trust our certificates, please install them on your system. Here is a detailed description of the import.

Certificates of our users will be attached to the messages you receive.
Of course you can also query our keyserver to find our certificates.


For inquiries please contact security@ikb.de.

We will get back to you as soon as possible.

Certification authorities we already trust

X509, S/MIME

Thawte (Freemail, PersonalBasic, PersonalPremium)

CaCert (Class 1)

VeriSign (Primary CA Class 1-4)

Telekom (Root CA)

Commerzbank (Inhouse Root CA)



Notes for IKB PDFMail

What is PDFMail?

If a designated recipient of a message does not support either of the two standards (PGP or S/MIME), our SecureMail system will use PDF to protect the information.

The message itself is converted to PDF and any attachments are attached to that PDF.

Finally the PDF is protected with a password that is required to open the PDF.

This "open password" cannot be removed using the well known methods to remove other passwords used to protect a PDF from printing or being modified.

Password creation

A password is always valid for a combination of sender and receiver.

The sender can define a password to be used. In case he doesn't define a password and no password has been set in a former communication, one will be created automatically.

How do I get my password?

The sender has to tell you the password. Obviously it is not a good idea to simply send the password in another message.

Phone, fax or shot message (SMS) should be used to communicate the password. Telephone is best, since one can be sure that the correct person receives the password.

Is there also a secure way to reply to such a message?

Yes. On the last page of the PDF, there is a button taht can be used to reply in a secure way.

You can also request a (secure) copy of your reply for your records.

Why PDF and not webmail?

When using webmail the customer or partner does not have the communication in his records.

Our PDFMail solution enables our customers and partners to keep track of the communication with us in their own systems.