Send signed email receive encrypted

In this article we’ll show how to create test certificates or use existing certificate, for sending signed emails. Our recipients will use the public key information from the signed email to encrypt emails they’ll be sending to us. Finally we’ll show how to decrypt those emails.

Create test certificate

We’ll use makecert.exe tool to create certificate in cer format and pvk2pfx.exe tool to convert it to pfx format:


makecert.exe -pe -r -sv Test_Keys.pvk -n "CN=Alice,E=alice2@testdomain.com" -sky exchange Test.cer


pvk2pfx.exe -pvk Test_Keys.pvk -spc Test.cer -pfx Test.pfx

If you use CER or PEM files you can find more information in this article:
Importing private/public keys or certificates in PEM, CER formats.

Create S/MIME signed email

Now we’ll create a signed message using Mail.dll. It is a simple task we just need to load certifcate from disk and use SignWith method:

X509Certificate2 certificate = new X509Certificate2(
    @"c:\Test.pfx";, 
    "", 
    X509KeyStorageFlags.PersistKeySet);

IMail email = Limilabs.Mail.Fluent.Mail.Text("This is a signed message")
    .Subject("This is a signed message")
    .From("alice2@testdomain.com")
    .To("test@testdomain.com")
    .SignWith(certificate)
    .Create();

Send S/MIME signed email

Now we’ll use Smtp class to connect and authenticate to our SMTP server and send the email message:

using(Smtp smtp = new Smtp())
{
    smtp.Connect("smtp.server.com");  // or ConnectSSL for SSL
    smtp.UseBestLogin("user", "password");
 
    smtp.SendMessage(email);                     
 
    smtp.Close();   
}              

Here you can find more details on sending S/MIME signed email.

S/MIME signed email is received

Here’s how the recipient will see the message. Please note that we are using self-signed certificates and this is why we are seeing this warning message.

Next step for the recipient is to mark received certificate as trusted.

The recipient should then add the certificate to the contact list:

As you can see there is a DigitalID assigned to Alice (email sender):

S/MIME encrypted email reply

Finally recipient replies to the message marking the new message to be encrypted.

Receiving S/MIME encrypted email reply

We’ll use IMAP component to download this message. You can use IMAP or POP3 components to download it.

In fact we can see that it is encrypted (we are showing raw eml variable here):

Now we can decrypt the message using the same certificate, we used for signing. Note that we are adding this certificate to SMIMEConfiguration.Certificates collection:

X509Certificate2 certificate = new X509Certificate2(
    @"c:\Text.pfx", 
    "", 
    X509KeyStorageFlags.PersistKeySet);

using(Imap imap = new Imap())
{
    imap.Connect("imap.testdomain.com");
    imap.UseBestLogin("alice2@testdomain.com", "password");

    var eml = imap.GetMessageByNumber(1);

    MailBuilder builder = new MailBuilder();
    builder.SMIMEConfiguration.Certificates.Add(certificate);
    IMail email = builder.CreateFromEml(eml);

    Console.WriteLine(email.IsEncrypted);
    Console.WriteLine(email.Html);
    Console.WriteLine(email.Text);

    imap.Close();
}

You can also find more information about SMIME and Mail.dll here:

Tags: ,

Questions?

Consider using our Q&A forum for asking any questions.