When signing or encrypting a message, it is necessary to look up the X.509 certificate in order to do the actual sign or encrypt operation. One way of accomplishing this is to use the email address of sender or recipient as a unique identifier. However, a better approach is to use the fingerprint (or 'thumbprint' in Microsoft parlance) of the user's certificate.