
After several hours of surfing the internet, I failed to find any comprehensive guide on how to encrypt the email between two users using the S/MIME certificate.

In parallel with SSL certificates: the server sends the public key to the browser, the browser verifies its signature and encrypts with the public key the shared secret, which is then used for the two-sided message encryption.

So, how does it work with S/MIME? As far as I understood, once the S/MIME certificate is installed in an email client, Alice needs to send a signed email to Bob with her public key as an attachment. Bob then should download and import this public key to his email client and only after that can Bob encrypt his email message with Alice's public key and send it, and Alice, consequently, will be able to decrypt it with her private key when the message has arrived.

- The trick here is: how are Alice's outgoing messages encrypted?

- Does Bob need his own certificate and share it with Alice (the same way Alice did), or is there some shared secret present during the message exchange?

- By the way, should the public key be sent as an attachment, or is it already sent along with the signed message and all that is needed is to import it?

t7e

1 Answer


You are correct: Alice and Bob must share their respective public keys with each other.

It’s not uncommon - for a very limited value of common - to share one’s public key in an attachment or in one’s mail signature.

Mikael H
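To make the exchange described in the question and the answer concrete, here is an added example (not code from the question, the answer, or any mail client) that walks through it with the openssl command-line tool: Alice signs a message, Bob pulls her certificate out of that signed message (so no separate attachment is needed), encrypts his reply to it, and Alice decrypts with her private key. It assumes openssl 1.1.1 or later is on PATH and uses self-signed certificates in place of CA-issued S/MIME certificates.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: a minimal S/MIME
# exchange with the openssl CLI (assumed: openssl 1.1.1+ on PATH).
# Self-signed certificates stand in for CA-issued S/MIME certificates.
set -e
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT

# Make a self-signed certificate and key for one mailbox ($1 = name, $2 = address).
mkcert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$W/$1.key" -out "$W/$1.crt" \
    -subj "/CN=$1/emailAddress=$2" \
    -addext "subjectAltName=email:$2" \
    -addext "extendedKeyUsage=emailProtection" 2>/dev/null
}

# Returns 0 when the full round trip succeeds.
smime_roundtrip() {
  mkcert alice alice@example.com
  mkcert bob bob@example.com

  # Alice -> Bob: a signed (not encrypted) message. Her certificate is carried
  # inside the PKCS#7 signature, which is why no attachment is needed.
  printf 'Subject: hello\n\nHi Bob, this message is signed.\n' > "$W/alice_msg.txt"
  openssl smime -sign -in "$W/alice_msg.txt" -signer "$W/alice.crt" \
    -inkey "$W/alice.key" -out "$W/alice_signed.eml"

  # Bob: verify the signature and save the signer certificate found in the
  # message (what a mail client does on "import"). -noverify skips chain
  # validation only because the certificate is self-signed here.
  openssl smime -verify -in "$W/alice_signed.eml" -noverify \
    -signer "$W/alice_from_sig.crt" -out /dev/null

  # Bob -> Alice: encrypt to Alice's public key. Bob's own certificate plays no
  # part in this step; a random content key is wrapped with her RSA key.
  printf 'Subject: re: hello\n\nSecret reply from Bob.\n' > "$W/bob_msg.txt"
  openssl smime -encrypt -aes256 -in "$W/bob_msg.txt" \
    -out "$W/bob_enc.eml" "$W/alice_from_sig.crt"

  # Alice: decrypt with her private key.
  openssl smime -decrypt -in "$W/bob_enc.eml" -recip "$W/alice.crt" \
    -inkey "$W/alice.key" -out "$W/bob_dec.txt"

  # The ciphertext must not leak the plaintext, and decryption must restore it.
  if grep -q 'Secret reply' "$W/bob_enc.eml"; then return 1; fi
  grep -q 'Secret reply from Bob.' "$W/bob_dec.txt"
}

smime_roundtrip && echo "S/MIME round trip OK"
```

Bob's own certificate is needed only so that Alice can encrypt to him in turn, as the answer says; the encrypt step above uses nothing but Alice's public key and a fresh per-message content key, so there is no pre-shared secret between the two mailboxes.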