Digital Signatures and Certificates for Email
A digital signature is an electronic, encryption-based, secure
stamp of authentication on a message. This signature confirms that
the message originated from the signer and has not been
In order to fully trust the signature, the certificate used to
sign the message must be vouched for. The vouching process adds an
extra level of trust to the signature on the message. In some
cases, the certificate is automatically vouched for by the company
it’s purchased from. In other instances, the certificate must
be vouched for by people who already hold confirmed certificates.
Trust is transferred from one person to the next.
A digital signature for email allows you to prove to the
recipient of your email that you were, in fact, the person who
sent the email, and to encrypt the email for added security.
Encryption and Certificates
Encrypting a message ensures privacy by converting an email from
plain, readable text into cipher (scrambled) text. Only the
recipient, who has a private key to match the public key used to
encrypt the message, can decipher it. This is a separate process
from digitally signing a message.
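The difference between signing and encrypting, shown with the OpenSSL command line as an added example that is not part of the original page. It assumes `openssl` is installed and uses a throwaway self-signed certificate in place of a vouched-for one; the subject name, message text and passphrase are constructed, and the last two functions show the passphrase-protected P12 backup that this page describes further down.

```shell
#!/bin/sh
# Added example; every name, message and passphrase here is constructed.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
KEY=$WORK/key.pem; CERT=$WORK/cert.pem

# Throwaway key pair and self-signed certificate (nobody has vouched for it).
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=EXAMPLE ORG/CN=Sample Researcher" \
    -keyout "$KEY" -out "$CERT" 2>/dev/null
}

# Signing uses the sender's private key; the certificate is attached.
sign_msg() {    # $1 = plain text in, $2 = signed message out
  openssl smime -sign -text -in "$1" -signer "$CERT" -inkey "$KEY" -out "$2"
}

# Verifying re-hashes the content and checks the signature against it.
verify_msg() {  # $1 = signed message; prints valid or invalid
  if openssl smime -verify -in "$1" -CAfile "$CERT" -out /dev/null 2>/dev/null
  then echo valid; else echo invalid; fi
}

# Encrypting is a separate step and uses the recipient's public key.
encrypt_msg() { openssl smime -encrypt -aes256 -in "$1" -out "$2" "$CERT"; }
# Only the holder of the matching private key can decrypt.
decrypt_msg() { openssl smime -decrypt -in "$1" -recip "$CERT" -inkey "$KEY"; }

# Back up key and certificate as a P12 file protected by $P12_PASS.
export_p12() {  # $1 = output file
  openssl pkcs12 -export -inkey "$KEY" -in "$CERT" -out "$1" -passout env:P12_PASS
}
# Prints ok only when passphrase $1 opens P12 file $2.
check_p12() {
  if P12_TRY=$1 openssl pkcs12 -in "$2" -passin env:P12_TRY -noout 2>/dev/null
  then echo ok; else echo refused; fi
}

make_identity
printf 'Budget for year one is 100 units.\n' > "$WORK/msg.txt"
sign_msg "$WORK/msg.txt" "$WORK/signed.eml"
# Change one number in the signed message body, as an alteration in transit would.
sed 's/100 units/900 units/' "$WORK/signed.eml" > "$WORK/tampered.eml"
encrypt_msg "$WORK/msg.txt" "$WORK/secret.eml"
export P12_PASS='constructed-demo-passphrase'
export_p12 "$WORK/backup.p12"
echo "signed: $(verify_msg "$WORK/signed.eml"), tampered: $(verify_msg "$WORK/tampered.eml")"
```

The signed message stays readable to anyone and only proves origin and integrity; the encrypted one hides the content but says nothing about who sent it.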
Certificates are a digital means of proving your identity,
using a public and private key pair. The private key is kept on a
computer that the sender will use to digitally sign messages to
recipients, and decrypt (unlock) messages from recipients. Private
keys should be password protected. The public key is sent to others
or published in a directory, so that others can use it to send you
If you’re a researcher at UB working with Department of
Defense (DOD) grants, you may be required to obtain a certificate
in order to process your grant. The process of obtaining this
certificate (known as an “ECA”) is complex. The
Information Security Office is available to assist you in obtaining
Obtaining an ECA Certificate For Your DOD Grant (For Researchers)
Grants issued by the DOD (Department of Defense) will typically
require you to obtain an External Certification Authority (ECA)
Certificate. This allows for secure communication with the DOD
regarding your grant. As a researcher, you have the option of
obtaining the ECA Certificate on your own, or with the assistance
of the Information Security Office.
If you wish to obtain the certificate on your own, you’ll
need to bring your identity documents to a notary public, have a
form notarized, and physically mail that form to the company
you’re purchasing the certificate from. Fortunately, the
Information Security Office can also validate your identity
documents and notify the company you are purchasing the certificate
from (Verisign). This simplifies the process and makes your life
The following definitions and instructions can be used when
obtaining an ECA Certificate via the Information Security
Verisign Revocation Passphrase
This passphrase is needed if you lose your certificate (for
example, your laptop is lost/stolen) and you need to cancel your
certificate and have a new one issued. Do not lose this
Verisign Retrieval PIN
This will be in the confirmation email that you receive from
Verisign once your certificate is ready to be downloaded. Do not
lose this PIN. If you need to re-download your certificate (for
example, if you buy a new laptop), you will need this PIN.
P12 File Passphrase
This is used to protect your key if you export it for back-up
purposes, or when transferring the certificate to a new
You must start and finish the enrollment process on the same
1. Visit https://eca2048.verisign.com/
(Note: the “https” is required!)
2. Select Enroll for your
3. Click Continue
4. Select Subscriber Enrollment using Notary
5. Fill out the Subscriber Information fields
a. For Organization,
enter SUNY AT BUFFALO (ALL CAPS- this is very important and
must be exactly as shown in this step. The Information Security
Office will not be able to assist you otherwise.)
b. Fill out the remaining fields that are marked with a red asterisk.
c. You can leave optional
fields (e.g. DUNS Number) blank.
6. Select the duration of
your certificate (1-3 years) based on the duration of your grant.
If your grant exceeds three years, you’ll need to renew the
certificate in the future.
7. Enter your payment
8. Enter a password. DO NOT lose this password.
9. Click Accept &
10. Contact the UB Information Security Office at email@example.com or
716-645-6977 to schedule a time to review your identity
11. Once reviewed, you’ll receive a
confirmation email from Verisign, usually within a few days. Follow
the instructions in that email to download your certificate. If you
need help, feel free to contact the Information Security