I am a beginner in encryption and the like and am currently trying to sign and encrypt emails. Although I am familiar with the concept of private and public keys, I don't seem to understand an important part.
Example: A company wants to sign and encrypt sensitive accounting data and send it to its customers. However, it only knows the e-mail address of its customers.
Question: Is it possible to send an encrypted and signed e-mail using only the e-mail address? Or do I need additional information such as keys/certificates?
Or is only one certificate for the sender sufficient here?
I currently use MailKit and work with CmsSigner and CmsRecipient. Both of them require a certificate. I have been able to send myself messages where CmsSigner and CmsRecipient use the same certificate. Do I understand correctly that each additional recipient needs a separate certificate for the CmsRecipient? So the company would have to create/collect certificates for each new customer for a deposited e-mail in order to be able to encrypt and decrypt the messages correctly?