End-to-end encrypt­ed emails

Secure and encrypted emails

Secu­ri­ty and data pro­tec­tion are very impor­tant to us. There­fore, we offer the pos­si­bil­i­ty of end-to-end encryp­tion for email com­mu­ni­ca­tion. The email is encrypt­ed on the sender’s sys­tem and only the intend­ed recip­i­ent can decrypt the mes­sage. No one in between can read or manip­u­late the con­tent of the mes­sage. End-to-end encryp­tion can be com­bined with a dig­i­tal sig­na­ture. A dig­i­tal­ly signed and encrypt­ed email guar­an­tees that the email actu­al­ly comes from the spec­i­fied sender.

We sup­port S/​MIME and PGP for encrypt­ed email com­mu­ni­ca­tion. Both meth­ods are based on so-called pub­lic and pri­vate keys that both com­mu­ni­ca­tion part­ners have. The sender encrypts the mes­sage with the recip­i­en­t’s pub­lic key, who can then only decrypt the mes­sage again with his pri­vate key.

How to get our public keys

To send us encrypt­ed mes­sages, you need our pub­lic keys. Each talessio employ­ee and cer­tain gener­ic email address­es have their own keys to enable secure communication.

On the one hand, our pub­lic S/​MIME keys are avail­able in pub­lic key direc­to­ries such as OpenKeys or the Glob­al Trust Point. You will also receive them when we send you signed mes­sages. In addi­tion, you can down­load them per com­mu­ni­ca­tion part­ner from our web­site. For exam­ple, if you would like to obtain the pub­lic key for firstname.​lastname@​talessio.​com, you can find it at

https://​keys​.talessio​.com/​s​m​i​m​e​/​f​i​r​s​t​n​a​m​e​.​l​a​s​t​n​a​m​e​@​t​a​l​e​s​s​i​o​.​c​o​m​.​cer

All our S/​MIME keys have been issued by Swiss­Sign AG as Swiss­Sign Per­son­al Gold CA 2014 — G22 keys. The cor­re­spond­ing root cer­tifi­cate is includ­ed in near­ly all oper­at­ing sys­tems auto­mat­i­cal­ly, but can also be down­loaded direct­ly from Swiss­Sign or using the fol­low­ing links:

Swiss­Sign Com­pat­i­bil­i­ty Infor­ma­tion: https://​www​.swiss​sign​.com/​e​n​/​s​u​p​p​o​r​t​/​k​o​m​p​a​t​i​b​i​l​i​t​a​e​t​.​h​tml

Swiss­Sign Root Cer­tifi­cates: https://​www​.swiss​sign​.com/​s​u​p​p​o​r​t​/​c​a​-​p​r​o​d​.​h​tml

Our pub­lic PGP keys can also be retrieved from pub­lic key direc­to­ries such as OpenPGP. We also oper­ate our own Web Key Direc­to­ry (WKD), which can be used to auto­mat­i­cal­ly obtain the keys direct­ly from your email pro­gram. You can also down­load the keys for each com­mu­ni­ca­tion part­ner from our web­site. For exam­ple, if you would like to obtain the pub­lic key for firstname.​lastname@​talessio.​com, you can find it at

https://​keys​.talessio​.com/​p​g​p​/​f​i​r​s​t​n​a​m​e​.​l​a​s​t​n​a​m​e​@​t​a​l​e​s​s​i​o​.​c​o​m​.​asc

How to provide us your public keys

In order to encrypt emails that we send to you, we need your pub­lic key in advance.

If you send us an unen­crypt­ed but signed email, your key is auto­mat­i­cal­ly stored on our serv­er and can be used for encryp­tion in the future. Alter­na­tive­ly, you can also send us your pub­lic keys by email to hello@​talessio.​com as a file. In addi­tion, our email serv­er will attempt to auto­mat­i­cal­ly query pub­lic direc­to­ries to auto­mat­i­cal­ly deter­mine your keys.

If your com­pa­ny has a domain cer­tifi­cate, please also send it to us by email to hello@​talessio.​com so that we can set it up and use it in the future.

Details of our TLS encryption

Where S/​MIME or PGP are not used or can­not be used, we sup­port encryp­tion via TLS 1.2.