Confidential data via e-mail must be encrypted!
The circular letter "Sending of confidential data by electronic mail" from the KIT (CIO) representative Mr. Juling and the KIT (DSB) data protection officer Ms. Bitmann contains important information on the handling of e-mail traffic. Please read this information carefully.
Important before ordering a new user certificate
- Read the KIT-CA instructions step by step. They include necessary notes on various points of the procedure and on the integration of the certificate.
- It is especially important to save all of your own private keys in a safe place; only then can encrypted e-mails that you have sent and received be read again later. These keys must be re-imported when you change computers, and they are still required for old e-mails even after a new key has been requested and set up. All private keys that have ever been applied for must therefore be stored securely so that they can be imported again at any time on new devices.
- Lifetime of the certificate: maximum 3 years for the old version (DFN). Even after a certificate expires, the old private key must be kept for older encrypted e-mails.
- All e-mails should be sent signed by default and encrypted only when necessary (sending personal or sensitive data).
Configuration guide
You can find detailed instructions at https://docs.ca.kit.edu/geant-tcs/en/persons/.
It is recommended to go through these instructions step by step to avoid problems when applying for or setting up your certificate.
Please note the following information regarding expired certificates
- Public keys can no longer be used for encryption after expiry.
- Private keys can no longer be used for signing after expiry.
- Private keys can and must continue to be used after expiry to decrypt mails and attachments that were encrypted with the corresponding public key.
For your own certificates, this means:
- After a certificate expires, a new certificate must be applied for.
- The new certificate must be imported.
- The expired certificate must not be deleted; otherwise old and archived mails cannot be decrypted.
- All private keys ever used must be stored securely and restored on new computers.
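One way to check a folder of archived certificates against the rules above, as an added example that is not part of the KIT instructions. It uses the OpenSSL command line; the 30-day renewal window, the state labels and the function names are assumptions, and the sample certificates are constructed throwaway ones.

```shell
#!/bin/sh
# Added example: what may an archived S/MIME certificate still be used for?
RENEW_WINDOW=$((30 * 86400))   # assumption: plan renewal 30 days before expiry

# usage_state CERT.pem [OFFSET_SECONDS]  (offset = evaluate that far in the future)
usage_state() {
    pem=$1; offset=${2:-0}
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo "unreadable"; return 1          # not a certificate: do not guess
    fi
    if ! openssl x509 -in "$pem" -noout -checkend "$offset" >/dev/null 2>&1; then
        # Expired: no signing, no encrypting to it, but its private key is
        # still needed to decrypt mail encrypted before expiry. Never delete.
        echo "expired:decrypt-only:keep-private-key"
    elif ! openssl x509 -in "$pem" -noout \
            -checkend $((offset + RENEW_WINDOW)) >/dev/null 2>&1; then
        echo "active:sign+encrypt+decrypt:renew-soon"
    else
        echo "active:sign+encrypt+decrypt"
    fi
}

# inventory DIR [OFFSET_SECONDS]: one line per *.pem (file, notAfter, state)
inventory() {
    for f in "$1"/*.pem; do
        [ -e "$f" ] || continue
        end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null | cut -d= -f2)
        state=$(usage_state "$f" "${2:-0}") || true
        printf '%s\t%s\t%s\n' "$(basename "$f")" "${end:-?}" "$state"
    done
}

# Constructed sample input: throwaway self-signed certificate valid DAYS days.
make_sample_cert() {   # make_sample_cert OUT.pem DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=Constructed Sample User" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_sample_cert "$demo/current.pem" 365
make_sample_cert "$demo/old.pem" 1
inventory "$demo" 172800    # state in two days: old.pem has expired by then
rm -rf "$demo"
```

To use it on real data, export the certificate part of each archived key file to PEM and point `inventory` at that folder; the private keys themselves stay in their protected store.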