Hello again Opus, :SMLR
The help file in the new version is now very comprehensive, a read over it should hopefully explain a lot about SecureEmail, and securing e-mail in general.
Here are the answers to your questions:
“Here are my questions
In Encryption > Advanced I have selected “Only encrypt emails where a certificate is already installed on the system” If I send to a mixed group It will only encrypt to the Clients with Certs the others will only get digitaly signed mail Is this correct?”
This is correct, assuming you have digital signing turned on.
“Is it possible to ad ports to encrypt SPOP and SSMPT to the protocols.”
Not in the current version. We have a prototype for SSL ports that is working and we will add this feature very soon.
“If I delete a cert on a PC can The encrypted emails be read? No,the emails can not be read. I checked this one out myself”If you delete the public key certificate and the private key for which the e-mails were encrypted for, then naturally you cannot read them. BTW – private keys are not part of the public key certificate.
E-mail is encrypted with your public key by others, which is in your public key certificate that you distribute. The mail can only be decrypted with the private key that is installed in your PC’s certificate store. Basically Windows stores a reference between your public key and private key so it knows which private key to use to decrypt the e-mail.
“How about can the email be decrypted when the the Cert has expired?
This is important”
Yes it can, but you may see a warning saying it’s expired, depending on which application you are viewing the e-mail in.
“the cert renewed or are you issued a new one?”When certificates expire, you have to sign-up for a new one. A new public key and private key pair are generated on your PC during the sign-up process. The public key is placed in a signing request data format and is then sent off to Comodo for signing by Comodo’s private key.
Your private key never leaves your computer system.
This new certificate is installed in addition to your existing one, it does not replace/remove the old one. The old one is still required to decrypt mails that were encrypted for its private key.
“ If you are issued a new cert what happen to the old encrypted email?”
If you have SE’s auto-decrypt turned on the mail will be already decrypted.
If you have not turned this on your mail will be store as encrypted in your e-mail client’s storage files. Assuming you have not removed the old key set, when you open a mail, the S/MIME compliant mail package will still be able to show the e-mail.
“I now have several certs in both my name and my wifes How do I delete the ones I am not using?”
Please check out the help guide. You can delete certificates from the Certificates page in SE or use the “Certificate Manager” button to launch the Windows Certificate Manager which will also let you delete certificates and private keys.
E-mail encryption isn’t just about the public key certificates. You have a public and private key set that allows this asymmetric encryption to take place. So make sure you backup your private keys with your certificates if you remove them, just in case you need to read mails encrypted with them later.
Hope this helps?
Thanks,
Shane. (:NRD)