Abstract: A method is provided for securely transmitting a digital message that is transmitted by means of an electronic letter service. A user of the service has a computer with a functioning browser and an Internet connection, and the electronic letter service makes use of a TrustCenter. The user creates a password using his/her browser. A user password verifier is cryptographically derived from the password. The user password verifier is transmitted to the electronic letter service and stored on a storage medium. A user secret is generated from the password by means of a cryptographic derivation. The user secret constitutes the symmetrical key for the encryption of a user-specific user master secret. The user secret is encrypted using the public key of the TrustCenter and the encrypted user secret is transmitted to the electronic letter service, from where it is then forwarded to the TrustCenter.

Abstract: A method is provided for securely transmitting a digital message that is transmitted by means of an electronic letter service. A user of the service has a computer with a functioning browser and an Internet connection, and the electronic letter service makes use of a TrustCenter. The user creates a password using his/her browser. A user password verifier is cryptographically derived from the password. The user password verifier is transmitted to the electronic letter service and stored on a storage medium. A user secret is generated from the password by means of a cryptographic derivation. The user secret constitutes the symmetrical key for the encryption of a user-specific user master secret. The user secret is encrypted using the public key of the TrustCenter and the encrypted user secret is transmitted to the electronic letter service, from where it is then forwarded to the TrustCenter.

Abstract: A first installation stores a secret key of a user and a second installation provides encrypted data for the user. In order that a user apparatus can decrypt the encrypted data, the apparatus creates a one-time password, encrypts the one-time password by means of a public key of the first installation and causes the second installation to retrieve the secret key of the user from the first installation by means of the encrypted one-time password and a key identification allocated to the user in the second installation. The first installation decrypts the one-time password, searches for the secret key based on the key identification, encrypts it with the one-time password and transmits the encrypted secret key to the apparatus via the second installation. There, the secret key of the user is decrypted by means of the one-time password and is used for decrypting the encrypted data.