I have installed the email encryption on my PC, and have certificates installed for all my email accounts. However when I go to the statistics in the configuration module, it appears none of my emails have been encrypted, though 80% have been signed! Do I have to have certificates installed for all my correspondents’ email addresses before I can send them encrypted email? How do I do that? The installation seemed pretty straight forward and simple, but there doesn’t appear to be any encryption going on. In the absence of certificates from correspondents, what will be the effect of turning on VERY HIGH security?
Most email is not being sent encrypted because you don’t have your correspondent’s certificates installed. The setting in CSE that says ‘automatically encrypt email’ encrypts only if you have those certificates, or you have said to Encrypt with Single-Use Certificates if a certificate cannot be found .
The easiest way to arrange for certificate exchange is to get your correspondents to install CSE, and obtain free certs from Comodo. Then all will happen pretty much automatically - you send them an email, they send one back, respond to any prompts, and after that all is encrypted. (Maybe there are other secure email clients that will co-operate - but this is outside my knowledge).
If they are not willing to do this, you can get your correspondents:
to send you a signed unencrypted email, using whatever software they use (most emails clients will do this), and install their certificate from this email
use a trusted Comodo web server as an intermediary to allow them to read a one-time encrypted email that you send (either with or without password - you use a sub-setting of ‘Encrypt with Single-Use Certificates’ to determine this). That’s what the ‘Encrypt with Single-Use Certificates’ setting is about.
There is a further possibility - you want all communications, even the first exchange of emails, to be secure. Then you send a ‘One time encrypted email’ to your correspondent, ask your correspondent to install CSE and his certificate, and use the trusted intermediary server for secure certificate exchange.
How all this works is explained exhaustively here.
Which all goes to show why getting everyone to install CSE is such a good idea.