If you’re looking to digitally sign your e-mails, there are two standard practices available: S/MIME and OpenPGP. Both work on the same basic principle, but they use different data formats, and most e-mail software supports only one of the two.
The basic principle behind a digital signature is asymmetric cryptography: the key generation algorithm gives the sender a pair of keys, a private key and a public key. The sender’s mail programme automatically computes a checksum (a cryptographic hash) of the message content, encrypts that checksum with the private key, and attaches the result to the e-mail as the signature.
The public key is either sent along as an attachment or fetched by the recipient from a public directory. The recipient’s mail programme decrypts the checksum with the public key, recalculates the checksum from the received content, and compares the two. If they match, the message was signed with the private key belonging to that public key: the authentication succeeds, and the e-mail is shown to have come from the holder of that key pair and to have arrived without manipulation.
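The sign-and-verify round trip just described, as an added example (not code from the original article): a constructed message body is hashed with SHA-256, the digest is signed with the sender’s RSA private key, and the recipient’s check is run three times: on the genuine message, on a copy whose amount was altered in transit, and against the public key of a hypothetical second sender. It uses Go’s standard library only; a real S/MIME client wraps the signature and certificate in a CMS structure, which is not shown here.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage is the sender's step: hash the content with SHA-256 and sign the digest with the private key (RSA PKCS#1 v1.5, as S/MIME commonly uses).
func SignMessage(priv *rsa.PrivateKey, body []byte) ([]byte, error) {
	digest := sha256.Sum256(body)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyMessage is the recipient's step: recompute the digest from the received content and check the signature against the public key.
func VerifyMessage(pub *rsa.PublicKey, body, sig []byte) bool {
	digest := sha256.Sum256(body)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// RoundTrip signs a constructed message and reports whether verification passes for the genuine message, a tampered copy, and an unrelated (hypothetical) sender's key.
func RoundTrip() (genuine, tampered, wrongKey bool, err error) {
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // hypothetical second sender
	if err != nil {
		return
	}
	body := []byte("Subject: Invoice 42\r\n\r\nPlease transfer EUR 100 to account A.\r\n") // constructed sample content
	sig, err := SignMessage(sender, body)
	if err != nil {
		return
	}
	genuine = VerifyMessage(&sender.PublicKey, body, sig)
	altered := bytes.Replace(body, []byte("EUR 100"), []byte("EUR 900"), 1)
	tampered = VerifyMessage(&sender.PublicKey, altered, sig) // checksum no longer matches
	wrongKey = VerifyMessage(&other.PublicKey, body, sig)     // signature was not made with this key pair
	return
}

func main() {
	g, t, w, err := RoundTrip()
	fmt.Println("genuine:", g, "tampered:", t, "wrong key:", w, "err:", err)
}
```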
Using digital signatures requires that your e-mail client is configured correctly beforehand. Once it is, the process described above runs automatically in the background, without you noticing. For instructions on setting up your e-mail client, see the support pages for the software you use, for example Microsoft Outlook or Mozilla Thunderbird.
How is the public key organised so as to be unique to each sender?
Needless to say, this procedure only makes sense if the recipient can identify the sender beyond any reasonable doubt. For that reason an official certification authority (CA) certifies the key only after first verifying the sender’s identity; only once the certification authority has issued a certificate can the key be officially validated. Since the recipient’s system has to recognise the certification authority in order to confirm the authenticity of the certificate, the CA’s own certificate also has to be downloaded and installed from the certification authority. The e-mail programme then handles the authentication automatically.