I tried eM Client for mail encryption and found the following.
My setup:
two mail accounts A and B with an email certificate for S/MIME encryption
two identical virtual machines A and B with Windows 10
public keys have been sent to each other and were imported; the dialog “Certificate and Keys” shows both certificates
Before an encrypted message can be sent, the Root CA of the email certificate has to be imported into the Windows certificate store. This can also be done by visiting the web page of the CA if Edge or another browser that relies on this certificate store is used. It would be nice if such advice were shown.
Sending and receiving encrypted messages works well, but I found the following note " /!\ Encryption has Problems" on the mails in the sent folder:
To get rid of this message I had to import the PFX file including the private key from B to the cert store located on the instance A. In my opinion it should be sufficient to have the public key imported to eM Client.
Yes, in order to send an encrypted message to someone, you need their public key.
Now, in order to view the encrypted message in your Sent folder, you need a way to access it. For that it will use your own private key to open the message, because otherwise you cannot decrypt the message with the receiver’s public key.
I really appreciate your support here in the forum. What I want to say is that there should be a bug or a minor flaw in the program. Functionality isn’t affected. Messages are encrypted and decrypted as expected. I can also read the sent messages. I think the program tries to decrypt the sent messages like it does when the message is received.
A encrypts with A’s private and B’s public key --> sent to B --> B decrypts with A’s public and B’s private key. But what about the messages in A’s sent box? What is needed to read them? And I assume the software tries to use A’s public key, which is available, and B’s private key, which usually shouldn’t be present on A’s PC. When I import B’s private key into the Windows certificate store the warning message disappears. This also happens when I import B’s key pair via eM Client’s certificate mechanism. Does eM Client use the Windows certificate store to deal with the certificates? I assume this.
If you like you can reproduce this easily and you can open a bug. I’ve finished all my tests and I’ll recommend eM Client to the company I’m consulting.
And as a last topic I have a feature request: LDAP support. It’s OK to have this only in the professional version.
RSA isn’t symmetric, you can’t use A’s private key for decryption:
A: clear text --> encryption with A’s private and B’s public key --> A’s sent folder == B’s inbox
The message in A’s sent folder is the same as in B’s inbox.
Which keys are needed to decrypt?
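Added example, not part of any post in this thread and not eM Client's code: using the openssl CLI with constructed throwaway certificates A and B, it shows that an S/MIME (CMS) message holds one wrapped copy of the content key per listed recipient, so A can reopen its sent copy with A's own private key only if A's certificate was among the recipients. Whether eM Client adds the sender's certificate is not stated on this page; the file names and helper functions are assumptions of the example.

```shell
#!/bin/sh
# Constructed demo: who can decrypt a CMS/S-MIME message depends on which
# certificates were listed as recipients when it was encrypted.
work=$(mktemp -d)

make_identity() {   # $1 = name; creates a self-signed test cert and key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

encrypt_for() {     # $1 = output file, remaining args = recipient names
  out=$1; shift
  certs=""
  for n in "$@"; do certs="$certs $work/$n.crt"; done
  # Only recipient *certificates* (public keys) are needed to encrypt.
  printf 'hello B\n' | openssl cms -encrypt -binary -aes-256-cbc \
    -outform PEM -out "$work/$out" $certs
}

can_read() {        # $1 = name, $2 = file; prints plaintext, non-zero on failure
  # Decryption needs the private key of ONE listed recipient.
  openssl cms -decrypt -binary -inform PEM -in "$work/$2" \
    -recip "$work/$1.crt" -inkey "$work/$1.key" 2>/dev/null
}

for n in A B; do make_identity "$n"; done
encrypt_for both.cms A B      # sender A lists its own certificate too
encrypt_for only_b.cms B      # sender A encrypts to B only

for f in both.cms only_b.cms; do
  for n in A B; do
    if can_read "$n" "$f" >/dev/null; then
      echo "$f: $n can decrypt with its own private key"
    else
      echo "$f: $n cannot decrypt"
    fi
  done
done
```

In neither case does B's private key have to exist on A's machine.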