Securing Email and Electronic Documents with Digital Certificates, by Nicholas Davis
1. Securing Email And Electronic Documents With Digital Certificates
Nicholas Davis – UW-Madison
2. Introduction
Nicholas Davis
PKI Project Lead at UW-Madison
Background in encryption and authentication technologies
Internet 1.0 is over
Compliance is the word for 2010
Digital certificates bring security and assurance to your electronic processes
3. Session Overview
• What is a PKI?
• What are digital certificates?
• What can they be used for?
• History of PKI and digital certificates at UW-Madison
• Expansion of PKI to UW System
• Question and answer session
• Moving forward!
4. What Is In a PKI?
• Credentialing of individuals
• Generating certificates
• Distributing certificates
• Keeping copies of certificates
• Reissuing certificates
• Revoking certificates
7. Digital Certificate Uses
Digital Signing – Sign email and documents to prove that they came from you AND have not been altered from their original form.
Encryption – Protects email and attachments from being viewed or altered while in transit or storage.
Authentication – Replacement for username and password.
8. Digital Signatures
• Provides proof of the author
• Testifies to message or document integrity
• Valuable for both individual and mass email
9. What Does a Digital Signature Prove?
Provides proof that the email came from the purported sender… Is this email really from Britney Spears?
Provides proof that the contents of the email have not been altered from the original form
10. What if This Happens at the UW?
Could cause harm in a critical situation
Case Scenario: Multiple hoax emails sent with the Chancellor’s name and email. When a real crisis arrives, people might not believe the warning.
It is all about trust!
13. Encryption
Encrypting data with a digital certificate secures it end to end:
• While in transit
  • Across the network
  • While sitting on email servers
• While in storage
  • On your desktop computer
  • On your laptop computer
  • On a server
14. Email Security
Do you perceive your email to be as visible as a postcard?
Do you send sensitive information in email or as an attachment?
How can you be sure the email you send is protected once it reaches its final destination?
15. Public and Private Keys
The digital certificate has two parts, a PUBLIC key and a PRIVATE key
The Public Key is distributed to everyone
The Private Key is held very closely and NEVER shared
Public Key is used for encryption and verification of a digital signature
Private Key is used for digital signing and decryption
17. Getting Someone’s Public Key
The Public Key must be shared to be useful
It can be included as part of your email signature
It can be looked up in an LDAP directory
Can you think of the advantages and disadvantages of each method?
19. Secure Email is Called S/MIME
• S/MIME = Secure/Multipurpose Internet Mail Extensions
• S/MIME is the industry standard, not a point solution unique to a specific vendor
21. Credentialing
• Non-technical, but the most important part of a PKI!
• A certificate is only as trustworthy as the underlying credentialing and management system
• Certificate Policies and Certificate Practices Statement
22. Certificate Generation and Storage
• How do you know who you are dealing with in the generation process?
• Where you keep the certificate is important
23. Distributing Certificates
• Can be done remotely – benefits and drawbacks
• Can be done face to face – benefits and drawbacks
24. Keeping Copies – Key Escrow
• Benefit – Available in case of emergency
• Drawback – Can be stolen
• Compromise is the best!
• Use audit trails, separation of duties and good accounting controls for key escrow
25. Certificate Renewal
• Just like your passport, digital certificates expire
• This is for the safety of the organization and those who do business with it
• Short lifetime – more assurance of validity but a pain to renew
• Long lifetime – less assurance of validity, but easier to manage
• Use a Certificate Revocation List if you are unsure of certificate validity
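As an added example (not from the slides), the sign-with-the-private-key, verify-with-the-public-key flow of slides 8, 9 and 15 together with the validity-period check of slide 25, using only Go's standard library; a self-signed certificate stands in for one issued by the campus PKI, and the names NewCert, Sign and Verify plus the sample message are constructed for this example.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewCert generates a key pair and a self-signed certificate (stand-in for a CA-issued one) that binds the PUBLIC key to name.
func NewCert(name string, notBefore time.Time, lifetime time.Duration) (*rsa.PrivateKey, *x509.Certificate, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: notBefore, NotAfter: notBefore.Add(lifetime), KeyUsage: x509.KeyUsageDigitalSignature}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

// Sign hashes the message and signs the digest with the sender's PRIVATE key (never shared).
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

// Verify rejects a certificate outside its validity period at "now", then checks the signature with the PUBLIC key from the certificate; an error means an altered message, a different signer, or an expired certificate.
func Verify(cert *x509.Certificate, msg, sig []byte, now time.Time) error {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("certificate not valid at %s", now.Format(time.RFC3339))
	}
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.SHA256, d[:], sig)
}

func main() { // constructed demo: the genuine message verifies (nil), the altered copy does not
	now := time.Now()
	priv, cert, _ := NewCert("Chancellor (constructed)", now, 24*time.Hour)
	sig, _ := Sign(priv, []byte("Campus closed tomorrow."))
	fmt.Println(Verify(cert, []byte("Campus closed tomorrow."), sig, now), Verify(cert, []byte("Campus open tomorrow."), sig, now))
}
```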
26. Trusted Root Authorities
• A certificate issuer recognized by all computers around the globe
• Root certificates are stored in the computer’s central certificate store
• Requires a stringent audit and a lot of money!
29. Future of PKI at the University of Wisconsin
Migrating to a new PKI provider
5 year lifetime on certificates
LDAP push and pull connectivity
Beyond UW-Madison, to include other UW System campuses
Secure business communications via email between campuses
Perhaps replacing username and password authentication for sensitive applications.
30. It Really Is Up To You!
• Digital certificates / PKI are not hard to implement
• They provide end-to-end security of sensitive communications
• It is comprehensive, not a mix of point solutions
• Internet 1.0 is gone, let’s get down to the business of securing our communications.
31. Question and Answer Session
• Nicholas Davis
• ndavis1@wisc.edu
• Please let me know how I can be of assistance in your PKI, digital signature and secure email efforts