Signer certificate in EML file

Question

Rebex component can still validate the signature and find the signer certificate of signed-only EML file; although the certificate was deleted from Windows certificate stores. Does that mean the signer certificates are embedded within the EML files? If not, how can Rebex find it?

Sincerely,

Answer 1

Yes, the signed mail really does contain the signer's certificate, but only the public part (private key is not included). So, everyone can validate the signature using embedded public key. This implies that the signer has access to corresponding private key.