Why signing and encrypting?
An unencrypted e-mail is comparable to a postcard. Just as a postcard passes through the hands of several postal workers, an e-mail on its way through the network is potentially readable or can be changed. Encryption makes the content of your communication unreadable to third parties.
The use of an electronic signature with the help of a personal digital certificate ensures that the e-mail actually originates from the specified sender and has not been changed on its way to the recipient. For this purpose, your mail program encrypts a checksum of your e-mail with your secret private key. This has been saved in the program or computer with a password by you before. The recipient can verify the authenticity of your e-mail with your public key. The mail program does this all by itself and shows you whether everything is OK or not.
If you own a certificate, you can only encrypt an e-mail if the addressee also has a certificate. The email is encrypted with the recipient's public key, so that only the recipient can read the e-mail with his or her matching private key. Therefore the public keys must be exchanged beforehand. This is done by sending a digitally signed e-mail. The mail program automatically stores the received public keys for future use. An encrypted e-mail can be read only by sender and recipient and only on devices or with mail programs in which the keys are available.
You can encrypt and sign at the same time.