IKB SecureMail services enable us to securely exchange information with our customers and partners.
We support the standards
Click here if you need information regarding the use of S/MIME and PGP.
We prefer the use of S/MIME over PGP, since PGP has many different standards resulting in various incompatibilities.
In case neither of the two standards is available, we can fall back to a PDF based solution.
Please use the follwing keyserver to access our certificates and keys.
|
S/MIME |
ldap://keyserver.ikb.de/cn=S/MIME%20Certificates,cn=Public%20Keyserver |
|
PGP |
ldap://keyserver.ikb.de/cn=OpenPGP%20Keys,cn=Public%20Keyserver |
Download our root certificate or PGP key to trust all our users certificates or keys automatically.
|
S/MIME |
|
|
PGP |
S/MIME related revocation information is published as CRL (via LDAP) and OCSP.
|
CRL |
ldap://keyserver.ikb.de/cn=SafeGuard MailGateway CA,cn=S/MIME Certificates,cn=Public Keyserver |
|
OCSP |
Please ask your responsible person the send your root certificate, information regarding your keyserver and contact details to security@ikb.de.
We have set up trust for many certification authorities (see below) and therefore we suggest that you request a certificate from oe of them.
Please note that some authorities offer demo certificates (class 0) that we do not trust.
After setting up the certificate, please send an email to security@ikb.de. Your certificate will then be imported into our system and is ready to be used.
To tell your computer to trust our certificates, please install them on your system. Here is a detailed description of the import.
Certificates of our users will be attached to the messages you receive.
Of course you can also query our keyserver to find our certificates.
For inquiries please contact security@ikb.de.
We will get back to you as soon as possible.
|
X509, S/MIME |
|---|
|
Thawte (Freemail, PersonalBasic, PersonalPremium) |
|
CaCert (Class 1) |
|
VeriSign (Primary CA Class 1-4) |
|
Telekom (Root CA) |
|
Commerzbank (Inhouse Root CA) |
If a designated recipient of a message does not support either of the two standards (PGP or S/MIME), our SecureMail system will use PDF to protect the information.
The message itself is converted to PDF and any attachments are attached to that PDF.
Finally the PDF is protected with a password that is required to open the PDF.
This "open password" cannot be removed using the well known methods to remove other passwords used to protect a PDF from printing or being modified.
A password is always valid for a combination of sender and receiver.
The sender can define a password to be used. In case he doesn't define a password and no password has been set in a former communication, one will be created automatically.
The sender has to tell you the password. Obviously it is not a good idea to simply send the password in another message.
Phone, fax or shot message (SMS) should be used to communicate the password. Telephone is best, since one can be sure that the correct person receives the password.
Yes. On the last page of the PDF, there is a button taht can be used to reply in a secure way.
You can also request a (secure) copy of your reply for your records.
When using webmail the customer or partner does not have the communication in his records.
Our PDFMail solution enables our customers and partners to keep track of the communication with us in their own systems.
