Using your personal certificate, its associated private key, RTE’s CA certificates and RTE’s application certificate, you can:
- Decrypt and verify the signature of emails you receive from RTE applications,
- Encrypt and sign emails you send to RTE applications.
Decryption and verification of the signature of a message are disjoint processes. When you receive an encrypted-signed message:
- You decrypt the message with the private key associated with your personal certificate,
- You verify the message signature with the sender’s certificate (that of the RTE application), which is contained in the message, and with your copy of the certificate of the issuing CA, which you trust.
These two processes are done automatically when you open a signed-encrypted email with a properly configured email client that supports the secure email format S/MIME.
IMPORTANT NOTE
To verify the signature of a message you need to own the right certificate and trust the CA that issued the certificate of the sender.
Encrypting and signing a message are two disjoint processes. When you send an encrypted-signed message:
- You sign the message with the private key associated with your personal certificate,
- You encrypt the message with the recipient’s certificate (RTE’s application certificate).
The certificate of the recipient can be obtained in several ways. RTE applications transmit to you their certificate by sending a signed message: that is the way you will get their certificate.
Therefore, when you receive a signed message, use "Add sender to contacts" to save the sender’s certificate at the same time; you can then use it to send encrypted messages to that sender.
IMPORTANT NOTE
Encrypting a message requires that you possess a valid certificate corresponding to the recipient's email address.
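The send and receive sequences described above, reproduced with the `openssl smime` command as an added example (it is not part of RTE's documentation). The CAs, the "user" and "app" certificates and the message are throwaway values constructed for the demonstration, and the helper names `newca`, `issue` and `smime_demo` are hypothetical.

```shell
#!/bin/sh
# Constructed stand-ins: "Demo CA" = the issuing CA you trust, "user" = your
# personal certificate, "app" = the RTE application certificate.
newca() {  # newca <prefix> <CN>: self-signed test CA
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.pem" \
    -subj "/CN=$2" -days 1 2>/dev/null
}
issue() {  # issue <name>: key pair plus certificate signed by the demo CA
  openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1/emailAddress=$1@example.test" 2>/dev/null || return 1
  openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
    -out "$1.pem" -days 1 2>/dev/null
}
smime_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  newca ca "Demo CA" || exit 1
  newca other "Untrusted CA" || exit 1
  issue user || exit 1
  issue app || exit 1
  printf 'constructed test message\n' > msg.txt
  # Sending: sign with the sender's private key...
  openssl smime -sign -in msg.txt -signer user.pem -inkey user.key \
    -out signed.eml || exit 1
  # ...then encrypt with the recipient's certificate (public key only).
  openssl smime -encrypt -aes256 -in signed.eml -out enc.eml app.pem || exit 1
  # Receiving, step 1: decrypt with the recipient's private key.
  openssl smime -decrypt -in enc.eml -recip app.pem -inkey app.key \
    -out dec.eml || exit 1
  # Receiving, step 2: verify with the signer certificate carried in the
  # message, chained to the CA certificate the recipient trusts.
  openssl smime -verify -in dec.eml -CAfile ca.pem -out out.txt 2>/dev/null || exit 1
  # Same message, but the issuing CA is not trusted: verification must fail.
  if openssl smime -verify -in dec.eml -CAfile other.pem -out /dev/null 2>/dev/null
  then exit 2; fi
  tr -d '\r' < out.txt   # verified plaintext, CRLF normalised
)
smime_demo
```

Decryption succeeds in both cases; only the second verification fails, which is the situation the note on trusting the issuing CA describes.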
In order to be able to exchange signed-encrypted emails with RTE, the steps are as follows:
- Install the certificates of RTE’s 3 CAs (Historical, Root, and Client), so that your mail client trusts the certificates of RTE’s applications and is able to verify the signature of signed-encrypted emails you receive from them.
- Install your personal certificate, so your mail client can decrypt the messages from RTE and sign messages to RTE.
- Configure the email account you will use to exchange with RTE so that your email client always encrypts and signs messages to the RTE applications using the standard S/MIME.
- Install RTE’s application certificate, so that your email client can encrypt emails you send to RTE applications.
To perform these steps, please refer directly to the one of the following chapters that covers the email client you use for your mail exchanges with RTE.
Error codes returned by email
In an exchange of emails between the user and an application, even when the certificate was generated and installed using the procedures described in this document, it is possible that a functionality error appears. In this case, the element in question (a server or a gateway) returns an error code by email.
The subject of error messages returned by RTE’s cryptographic gateway has the following format:
nnn!!<Intitulé-FR>!!<Title-EN>> <Sujet-du-message-original>