Secure e-mail communication with BaFin

BaFin offers supervised institutions and undertakings a secure means of transmitting confidential information by e-mail.

SecureMail – Options

For transmitting e-mails securely, the following options are available:

  1. Encrypted e-mail communication using PGP or S/MIME
    To use PGP or S/MIME, you need a PGP key or an S/MIME certificate issued for your e-mail address as well as a corresponding e-mail program.

  2. SSL-protected access to a webmail portal
    If you are unable to use PGP or S/MIME, communication can take place via our webmail portal. Once you have logged on to this portal, you can use it to send e-mails to your contacts at BaFin and to receive e-mails from them.

  3. Contact form
    If you want to send a message to BaFin only once, please use BaFin's contact form. Your message will be transmitted securely.

SecureMail – How it works

Regardless of whether you wish to use S/MIME, PGP or the webmail portal, you first have to register with us once. For S/MIME or PGP, this is done by storing your e-mail address together with your key or certificate on our system; for the webmail portal, an account for use of the portal is set up.

To initiate the registration process, please get in touch with your contact at BaFin. An employee will then send you a secure e-mail. If you are not already registered, this e-mail will be retained by our system and you will receive an automatically generated registration e-mail providing you with further information on the registration process.

Note: When you receive the registration e-mail, your e-mail program may display a warning message. That is because this e-mail was signed with a BaFin certificate that is not known to your e-mail program. To prevent this notice from being displayed in future, you can classify the certificate as trustworthy.

The registration e-mail will describe two options:

  1. If you have an S/MIME certificate or a PGP key, please send this to us as a reply (in the case of S/MIME you can do this in the form of a signed e-mail; for PGP please send the key as a file attachment). Your key or your certificate is then saved automatically by our system and linked to your e-mail address. Any e-mails from BaFin to be secured are then forwarded to you in secured form.

  2. If you wish to use the webmail portal, you first need a password. You can request this from your contact.
    After that you can register on the portal and then send e-mails to BaFin and receive e-mails using your account. You are automatically informed by e-mail of any new e-mails in your account.


My webmail logon doesn’t work anymore.
I have forgotten/lost my password.
My webmail portal account has expired.
I have encountered technical problems.
    Please get in touch with your contact.

Key/certificate of my contact person has expired.
    You can request the S/MIME certificate or PGP key using this form.

I have not been assigned a BaFin contact yet.
    Please contact BaFin using the BaFin contact form.

Is my certificate/key recorded immediately when I reply to the registration e-mail?
    In our system, trust relationships with some well-known certification authorities have been set up. As a result, most certificates are trusted immediately. In the case of certificates/keys that are self-signed or issued by an unknown certification authority, a manual verification may be necessary. In this verification, the fingerprint of the certificate/key that is sent to us is compared with the fingerprint of your certificate to verify that our system has received the right one. For this fingerprint comparison, you will be contacted by an administrator.
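
The fingerprint comparison described in the last answer can be reproduced on your own side before you confirm a value to the administrator. The following Python code is an added example, not BaFin's tooling: it hashes the DER encoding of an X.509 certificate and compares fingerprints regardless of spaces, colons or letter case, as in the space-separated form used on this page. The function names are hypothetical and the sample bytes are constructed, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# Hypothetical helper names; the sample data in demo() is constructed.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
DIGEST_HEX_LEN = {"sha1": 40, "sha256": 64}

def normalize_fingerprint(text):
    """Drop spaces and colons, lowercase, and insist on a SHA-1/SHA-256 length."""
    hexstr = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexstr):
        raise ValueError("fingerprint contains non-hex characters")
    if len(hexstr) not in DIGEST_HEX_LEN.values():
        raise ValueError("unexpected fingerprint length: %d" % len(hexstr))
    return hexstr

def certificate_fingerprint(pem_or_der, algo="sha256"):
    """Hash the DER encoding of an X.509 certificate (PEM text or DER bytes)."""
    if isinstance(pem_or_der, str):
        match = PEM_RE.search(pem_or_der)
        if match is None:
            raise ValueError("no PEM certificate block found")
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    else:
        der = pem_or_der
    return hashlib.new(algo, der).hexdigest()

def fingerprints_match(expected, actual):
    """Compare two fingerprints regardless of separators or letter case."""
    a, b = normalize_fingerprint(expected), normalize_fingerprint(actual)
    return len(a) == len(b) and hmac.compare_digest(a, b)

def demo():
    der = bytes(range(48))  # constructed stand-in for certificate DER bytes
    body = base64.encodebytes(der).decode()
    pem = "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
    computed = certificate_fingerprint(pem)
    # Same value as exchanged out of band: upper case, space-separated pairs.
    spoken = " ".join(computed[i:i + 2] for i in range(0, 64, 2)).upper()
    tampered = ("0" if computed[0] != "0" else "1") + computed[1:]
    return fingerprints_match(spoken, computed), fingerprints_match(spoken, tampered)

if __name__ == "__main__":
    print(demo())
```

A PGP key fingerprint is computed by the PGP software rather than by hashing the key file, so for PGP only the comparison helpers apply to the value your PGP program displays.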

Root certificates

BaFin PGP Root certificate

PGP (Web of Trust)


Valid from 10.06.2015 – does not expire

82 5B B1 04 D6 7A D0 2F DD A8 6B 11 43 C9 7F 05 62 BD 86 25

BaFin Secure Mail Root CA


Download: BaFin Secure Mail Root CA

Valid from 21.09.2009 until 05.01.2029




Please also download and store the ESCB PKI Root CA:

updated on: 19.06.2018

