Due to the ever-increasing digitisation, also with regard to internal or cross-institutional work processes, the need to secure exchanged information and its sending instances is becoming ever greater. In order to meet this need, it makes sense to use personal security certificates to digitally sign documents and emails. The general handling of personal security certificates at DESY is explained below and on other websites.

Firstly, the most important questions are answered about what should be considered when dealing with them and in what form digital signatures can be used. The links below also describe how you can apply for digital signatures and install them on your computer (Windows only for the time being). The last point deals with how digital signatures can be used in messaging and in various documents (such as Word, Excel or PDF).
 

General information

DO's AND DON'T's

Apply for a personalised security certificate

Before you can sign your e-mails or documents digitally, you need a personal security certificate (so-called user certificate).

You can find step-by-step instructions on how to apply for and install your personal security certificate on the following website:

https://it.desy.de/services/uco/documentation/digital_signatures/request_user_certificate/index_eng.html

Use certificate file

You can use your certificate file in numerous programmes. For example, you can sign e-mails or various documents. Your certificate is linked to the e-mail or document to be signed and thus digitally confirms that you have digitally signed the file. If changes are made to the document, your signature is automatically removed from the document.

Information on using your certificate file for various applications can be found on the following websites:

Digitally sign emails

https://it.desy.de/services/uco/documentation/digital_signatures/digitally_sign_e_mails/index_eng.html

Digitally sign documents

Unfortunately, it is currently not possible to sign documents with user certificates from the provider Geant/Sectigo. The internal signing of documents is also not normally necessary or digital workflows such as those that can be mapped via GO or FMS are sufficient here. If digital signatures are required on documents and no other solution is available, the use of third-party software must be considered.

Verify digital signatures

If you receive signed e-mails or documents yourself, you should check whether the sender's digital signature is valid. The following website describes how you can do this in various applications:

https://it.desy.de/services/uco/documentation/digital_signatures/verify_e_mail_signatures/index_eng.html

Encrypt data

We strongly advise you not to encrypt files, emails or other data! The reason for this is that this data is irrevocably lost if you lose your certificate file. Even if your certificate has expired and you are already using a new certificate, you must be in possession of the old certificate file in order to continue to access your older encrypted e-mails and documents.

If you have lost the required certificate file, DESY-IT will not be able to help you restore the data.