How can I use 2 S/MIME certificates for 1 mail account?

I use two certificates, one certificate for encryption and the other certificate for signature. However, I find no way to adjust this. I can install my certificates, but how do I get em to use one certificate only for signature and the other certificate for decryption?

Your own certificates or keys you can use only to sign your outgoing emails.

In order to encrypt an email, you need the receiver to first send you their public key. You don’t use your own key to encrypt messages. As soon as you have their key, you can add it to eM Client. Then if you send to the same address that is contained in that key, you will be able to use that key to encrypt the message.

Thanks a lot for the fast answer. But I know that. However, I would like to sign an email with my signing certificate and at the same time attach the public key of my cryptographic certificate. In eM Client 6 this setting was still possible.

Right. This is unusual to have two separate keys, when one will do. Have you considered doing that?

You can manually attach any other public key to any email you send, or even set it up in a template. The problem comes when you receive an encrypted email using that public key. Because the private key is not installed in eM Client, you will not be able to unencrypt it. Well, you might, because you can install more than one key in eM Client per email address. You just can’t specify to use separate ones for signing and encryption.

That is not unusual. In many companies, several certificates are issued for different purposes. In eM Client 6 it was possible to specify in the settings which certificate should be used for the signature and which certificate (public key) should be attached. Thunderbird and MS Outlook also offer this possibility. Since eM Client 7 this setting has been deleted.

Another example. A government sends me an email signed with a signing certificate and the encryption certificate (public key) attached. Both certificates are automatically installed in eM Client 7. If I want to send an encrypted mail to the address, eM Client 7 selects any of the installed keys. This can then be the key of the signature certificate. The receiver then displays an error.

More and more institutions are turning to multiple certificates for different purposes, and not just using one certificate for both (signature and encryption certificate) in mail.

Thanks for your support.

Picture: Settings in emClient 6 (missed in emClient 7)

Thanks Dirk. Appreciate your comments and examples.

I personally think that most companies try to over-complicate things. I am sure they have their reasons, though maybe it is because the policy makers do not actually understand the technology. The key essentially is used to confirm the email address, so why do you need more than one per address to do that?

I wonder if the same companies require you to use a different key to unlock your office when you come back from HR than when you come back from the bathroom. :wink:

I have the exact same problem and it is very problematic.

Using two keys is not uncommon and in some cases even required.

The German certificate issuer Volksverschluesselung.de issues 3 certificates with the help of the German Passport. One of them is only intended for signing, another only for encryption.

In some companies it has even become standard to use different certificates, the encryption certificate is used uniformly for the company and every employee receives their own certificate for signing. So it is possible to encrypt e-mails in central mailboxes and still determine the identity of the individual.

If this function is not implemented, I am actually forced to change the program. I would also want my money back due to incompatibility. And larger companies in particular cannot use EM Client either.

What does it look like? Will this function be implemented again?

+1 blocking point for me to use S/Mime in enterprise.
It needs to use one cert/key for signature and one for encryption.
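
The wrong-key selection described in this thread (a client picking any installed certificate for an address) can be avoided by filtering on the X.509 keyUsage extension before signing or encrypting. The following is an added example, not eM Client code and not part of any post; it assumes the Python `cryptography` package, and the helper names `usable_for`, `pick`, `make_cert` and the address `user@example.test` are made up for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

def usable_for(cert, purpose):
    """True if the certificate's keyUsage permits 'sign' or 'encrypt'."""
    try:
        ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
    except x509.ExtensionNotFound:
        return True  # no keyUsage extension: the key is not restricted
    if purpose == "sign":
        return ku.digital_signature or ku.content_commitment
    if purpose == "encrypt":
        return ku.key_encipherment or ku.key_agreement
    raise ValueError(purpose)

def pick(certs, purpose):
    """Return the first certificate allowed for the purpose, not just any one."""
    for cert in certs:
        if usable_for(cert, purpose):
            return cert
    raise LookupError(f"no certificate permits {purpose!r}")

def make_cert(label, **usage):
    """Constructed test data: self-signed cert with the given keyUsage bits."""
    flags = dict.fromkeys(
        ["digital_signature", "content_commitment", "key_encipherment",
         "data_encipherment", "key_agreement", "key_cert_sign", "crl_sign",
         "encipher_only", "decipher_only"], False)
    flags.update(usage)
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, label)])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=1))
            .add_extension(x509.KeyUsage(**flags), critical=True)
            .sign(key, hashes.SHA256()))

# Both constructed certificates belong to the same address.
SIGNING = make_cert("user@example.test signing", digital_signature=True)
ENCRYPTION = make_cert("user@example.test encryption", key_encipherment=True)
STORE = [SIGNING, ENCRYPTION]  # signing cert first, where a naive picker would grab it
```

With the signing certificate listed first, `pick(STORE, "encrypt")` still returns the encryption certificate, which is the behaviour the receiving side in the thread expects.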