Endpoint Encryption RME (Removable Media Encryption) encrypts files using one of the following three methods:

1. Password
2. Certificate
3. Workgroup key

This article gives an overview of how certificates are used to encrypt files.

Symantec Endpoint Encryption Removable Media Encryption 11.2 and above.

Removable Media Encryption encrypts files using the cipher AES256-CBC.

Each file is encrypted to a unique key.

Each unique key is protected by one or more passwords or certificates or group keys.

Therefore, when a certificate is used with Removable Media Encryption to encrypt a file, the file is not encrypted directly to the certificate. Instead, the certificate is used to protect the underlying key to which the file is encrypted.