Send encrypted email using S/MIME

In this article we’ll show how to send digitally encrypted and signed emails (S/MIME) using Mail.dll .NET email component.

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data.

S/MIME was originally developed by RSA Data Security Inc. Specification uses Cryptographic Message Syntax, an IETF specification that is identical in most respects with PKCS #7.

S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity, non-repudiation of origin (using digital signatures), privacy and data security (using encryption). S/MIME specifies the MIME type application/pkcs7-mime (smime-type “enveloped-data”) for data enveloping (encrypting) where the whole (prepared) MIME entity to be enveloped is encrypted and packed into an object which subsequently is inserted into an application/pkcs7-mime MIME entity.

Encryption using MailBuilder

// C#

MailBuilder builder = new MailBuilder();
builder.Html = "<html><body>Encrypted and signed</body></html>";
builder.Subject = "Encrypted and signed";
builder.From.Add(new MailBox("", "Alice"));
builder.To.Add(new MailBox("", "Bob"));

builder.SignWith(new X509Certificate2("SignCertificate.pfx", ""));
builder.EncryptWith(new X509Certificate2("EncryptCertificate.pfx", ""));
builder.EncryptWith(new X509Certificate2("BobsCertificate.pfx", ""));

IMail email = builder.Create();


Dim builder As New MailBuilder()
builder.Html = "<html><body>Encrypted and signed</body></html>"
builder.Subject = "Encrypted and signed"
builder.From.Add(New MailBox("", "Alice"))
builder.[To].Add(New MailBox("", "Bob"))

builder.SignWith(New X509Certificate2("SignCertificate.pfx", ""))
builder.EncryptWith(New X509Certificate2("EncryptCertificate.pfx", ""))
builder.EncryptWith(New X509Certificate2("BobsCertificate.pfx", ""))

Dim email As IMail = builder.Create()

Remember to encrypt your emails with both sender’s and receiver’s certificates.
This way both parties are able to decrypt such emails.

Encryption using fluent interface

// C# version

IMail email = Mail
    .Html("<html><body>Encrypted and signed</body></html>")
    .Subject("Encrypted and signed")
    .From(new MailBox("", "Alice"))
    .To(new MailBox("", "Bob"))
    .SignWith(new X509Certificate2("SignCertificate.pfx", ""))
    .EncryptWith(new X509Certificate2("EncryptCertificate.pfx", ""))
    .EncryptWith(new X509Certificate2("BobsCertificate.pfx", ""))

Dim email As IMail = Mail _
	.Html("<html><body>Encrypted and signed</body></html>") _
	.Subject("Encrypted and signed") _
	.From(New MailBox("", "Alice")) _
	.To(New MailBox("", "Bob")) _
	.AddAttachment("c:\report_2014.pdf") _
	.SignWith(New X509Certificate2("SignCertificate.pfx", "")) _
	.EncryptWith(New X509Certificate2("EncryptCertificate.pfx", "")) _
	.EncryptWith(New X509Certificate2("BobsCertificate.pfx", "")) _

Common errors you may encounter

  • Please use the PersistKeySet flag when loading from file (new X509Certificate2(_certificatePath, “”, X509KeyStorageFlags.PersistKeySet);) and adding to store
  • “Bad key” exception message means that certificate was not for key exchange – makecert needs an extra parameter to create certificate that can be used for symmetric algorithm key exchange: -sky exchange.
  • “The enveloped-data message does not contain the specified recipient.” means that certificate with the private key is not deployed into the current account/local machine personal store, or not in the certificates list

Create test certificate

You can use following commands in VisualStudio Command Prompt to create test certificate:

makecert.exe -pe -r -sv Test_Keys.pvk -n "CN=John Doe," -sky exchange Test.cer

pvk2pfx.exe -pvk Test_Keys.pvk -spc Test.cer -pfx Test.pfx

If you use CER or PEM files you can find more information in this article:
Importing private/public keys or certificates in PEM, CER formats.

Sending encrypted email using SMTP

Now we can connect to SMTP server and send the email we recently created:

// C#

using (Smtp client = new Smtp())
    client.Connect(""); // or ConnectSSL
    client.UseBestLogin("user", "password");

Using client As New Smtp()
	client.Connect("") ' or ConnectSSL
	client.UseBestLogin("user", "password")
End Using

By default Mail.dll uses TrippleDES (3-DES) for encryption and SHA-1 alghoritm for signing. You can change those settings and choose different signature and encryption algorithm while sending S/MIME encrypted email message.

Tags: , , , ,

One Response to “Send encrypted email using S/MIME”

  1. Send signed email receive encrypted Says:

    […] Send encrypted email using S/MIME […]


Consider using our Q&A forum for asking any questions.