Decrypt S/MIME emails

After you have downloaded an S/MIME encrypted email from an IMAP or POP3 server, you need to parse and decrypt it.

MailBuilder tries to decrypt emails automatically, using the StoreName.My certificate store.

You can of course specify certificates that should be used for decryption:

// C# version

string eml = client.GetMessageByUID(uid);

X509Certificate2 certificate = new X509Certificate2(
   "certificate.pfx", "", X509KeyStorageFlags.PersistKeySet);

MailBuilder builder = new MailBuilder();
builder.SMIMEConfiguration.Certificates.Add(certificate);

IMail decrypted = builder.CreateFromEml(eml);

Console.WriteLine(decrypted.NeedsDecryption); // outputs false
Console.WriteLine(decrypted.IsEncrypted); // outputs true

' VB.NET version

Dim eml As String = client.GetMessageByUID(uid)

Dim certificate As New X509Certificate2("certificate.pfx", "", X509KeyStorageFlags.PersistKeySet)

Dim builder As New MailBuilder()
builder.SMIMEConfiguration.Certificates.Add(certificate)

Dim decrypted As IMail = builder.CreateFromEml(eml)

Console.WriteLine(decrypted.NeedsDecryption)  ' outputs False
Console.WriteLine(decrypted.IsEncrypted)  ' outputs True

You can also instruct MailBuilder not to decrypt emails automatically and decrypt them at some later time:

// C# version

string eml = client.GetMessageByUID(uid);

MailBuilder builder = new MailBuilder();
builder.DecryptAutomatically = false;

IMail encrypted = builder.CreateFromEml(eml);

Console.WriteLine(encrypted.NeedsDecryption);  // outputs true
Console.WriteLine(encrypted.IsEncrypted); // outputs true

X509Certificate2 certificate = new X509Certificate2(
   "certificate.pfx", "", X509KeyStorageFlags.PersistKeySet);

IMail decrypted = encrypted.Decrypt(certificate);

Console.WriteLine(decrypted.NeedsDecryption);  // outputs false
Console.WriteLine(decrypted.IsEncrypted); // outputs true

' VB.NET version

Dim eml As String = client.GetMessageByUID(uid)

Dim builder As New MailBuilder()
builder.DecryptAutomatically = False

Dim encrypted As IMail = builder.CreateFromEml(eml)

Console.WriteLine(encrypted.NeedsDecryption)  ' outputs True
Console.WriteLine(encrypted.IsEncrypted)  ' outputs True

Dim certificate As New X509Certificate2( _
   "certificate.pfx", "", X509KeyStorageFlags.PersistKeySet)

Dim decrypted As IMail = encrypted.Decrypt(certificate)

Console.WriteLine(decrypted.NeedsDecryption)  ' outputs False
Console.WriteLine(decrypted.IsEncrypted)  ' outputs True

Common errors you may encounter:

  • Use the PersistKeySet flag when loading the certificate from a file (new X509Certificate2(_certificatePath, "", X509KeyStorageFlags.PersistKeySet);) and adding it to a store.
  • A “Bad key” exception message means that the certificate was not created for key exchange. makecert needs an extra parameter, -sky exchange, to create a certificate that can be used for symmetric algorithm key exchange.
  • The message “the enveloped data-message does not contain the specified recipient” means that the certificate with the private key is not deployed into the current account/local machine personal store, or is not in the certificates list.
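The conditions behind these errors can be checked before decryption is attempted. The following is an added example, not part of the original post or of Mail.dll: it uses only .NET Framework classes on Windows, assumes a CSP-backed RSA key (what makecert produces), and loads Test.pfx as created by the makecert and pvk2pfx commands given on this page. The class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class DecryptionCertificateCheck // hypothetical helper, not a Mail.dll class
{
    // Returns findings that map to the errors listed above; empty means none.
    public static List<string> Inspect(X509Certificate2 certificate)
    {
        var findings = new List<string>();
        if (!certificate.HasPrivateKey)
        {
            findings.Add("No private key: a .cer file holds only the public part, load the .pfx.");
            return findings;
        }
        // makecert's -sky option selects the CSP key number. Only an Exchange
        // key can unwrap the message key; a Signature key gives "Bad key".
        var rsa = certificate.PrivateKey as RSACryptoServiceProvider;
        if (rsa != null && rsa.CspKeyContainerInfo.KeyNumber != KeyNumber.Exchange)
            findings.Add("Private key is a signature key, not a key exchange key.");
        // Automatic decryption looks in StoreName.My; otherwise the certificate
        // has to be passed in explicitly.
        if (!InPersonalStore(certificate, StoreLocation.CurrentUser) &&
            !InPersonalStore(certificate, StoreLocation.LocalMachine))
            findings.Add("Not in a personal store: pass the certificate explicitly.");
        return findings;
    }

    static bool InPersonalStore(X509Certificate2 certificate, StoreLocation location)
    {
        var store = new X509Store(StoreName.My, location);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            foreach (X509Certificate2 found in store.Certificates.Find(
                X509FindType.FindByThumbprint, certificate.Thumbprint, false))
                if (found.HasPrivateKey) return true;
            return false;
        }
        catch (CryptographicException) { return false; } // store missing or unreadable
        finally { store.Close(); }
    }
    static void Main()
    {
        var certificate = new X509Certificate2("Test.pfx", "", X509KeyStorageFlags.PersistKeySet);
        foreach (string finding in Inspect(certificate)) Console.WriteLine(finding);
    }
}
```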

You can use the following commands in the Visual Studio Command Prompt to create a test certificate:

makecert.exe -pe -r -sv Test_Keys.pvk -n "CN=John Doe,E=email@in-the-certificate.com" -sky exchange Test.cer

pvk2pfx.exe -pvk Test_Keys.pvk -spc Test.cer -pfx Test.pfx
