Validate S/MIME emails
In this article we'll show how to verify digitally signed emails (S/MIME) using the Mail.dll email component.
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data.
S/MIME was originally developed by RSA Data Security. The specification uses Cryptographic Message Syntax, an IETF specification that is identical in most respects to PKCS #7. S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity, non-repudiation of origin (using digital signatures), privacy and data security (using encryption).
S/MIME signatures are usually done with what’s called “detached signatures”. The signature information is separate from the text being signed. The MIME type for this is multipart/signed with the second part having a MIME subtype of application/(x-)pkcs7-signature.
Sometimes the attached signature format (application/pkcs7-mime; smime-type="signed-data") is used. In that case the signature and the data are represented by a single MIME entity. Mail.dll recognizes both detached and attached signatures.
To check whether a message has been signed, use the IsSigned property of the IMail object.
The CheckSignature(bool verifySignatureOnly) method is used for signature validation.
Using IMAP protocol
    // C#
    using (Imap imap = new Imap())
    {
        imap.Connect("imap.example.com");   // or ConnectSSL
        imap.UseBestLogin("user", "password");

        MailBuilder builder = new MailBuilder();
        foreach (long uid in imap.GetAll())
        {
            IMail email = builder.CreateFromEml(
                imap.GetMessageByUID(uid));

            // Check signature
            if (email.IsSigned == true)
                email.CheckSignature(true);
        }
        imap.Close();
    }

    ' VB.NET
    Using imap As New Imap()
        imap.Connect("imap.example.com")    ' or ConnectSSL
        imap.UseBestLogin("user", "password")

        Dim builder As New MailBuilder()
        For Each uid As Long In imap.GetAll()
            Dim email As IMail = builder.CreateFromEml( _
                imap.GetMessageByUID(uid))

            ' Check signature
            If email.IsSigned = True Then
                email.CheckSignature(True)
            End If
        Next
        imap.Close()
    End Using
Using POP3 protocol
    // C#
    using (Pop3 pop3 = new Pop3())
    {
        pop3.Connect("pop3.example.com");   // or ConnectSSL
        pop3.Login("user", "password");

        MailBuilder builder = new MailBuilder();
        foreach (string uid in pop3.GetAll())
        {
            IMail email = builder.CreateFromEml(
                pop3.GetMessageByUID(uid));

            // Check signature
            if (email.IsSigned == true)
                email.CheckSignature(true);
        }
        pop3.Close();
    }

    ' VB.NET
    Using pop3 As New Pop3()
        pop3.Connect("pop3.example.com")    ' or ConnectSSL
        pop3.Login("user", "password")

        Dim builder As New MailBuilder()
        For Each uid As String In pop3.GetAll()
            Dim email As IMail = builder.CreateFromEml( _
                pop3.GetMessageByUID(uid))

            ' Check signature
            If email.IsSigned = True Then
                email.CheckSignature(True)
            End If
        Next
        pop3.Close()
    End Using
The CheckSignature method throws an exception if it fails to verify the signature.
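The parameter name verifySignatureOnly also appears on .NET's own SignedCms.CheckSignature. The following added example (not part of the original article and not Mail.dll code) uses that .NET class on a constructed detached signature to show three outcomes a caller should handle: an intact message, a tampered message, and a signer certificate with no trusted issuer. It assumes .NET 6 or later with the System.Security.Cryptography.Pkcs package; the certificate subject, message body and class name are constructed for illustration.

```csharp
// Added example: .NET SignedCms, not Mail.dll. Certificate and message are constructed here.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class DetachedSignatureDemo
{
    // Returns null when verification succeeds, otherwise the failure message.
    static string Verify(byte[] content, byte[] signature, bool verifySignatureOnly)
    {
        // detached: true -> the signed bytes are supplied separately, as in multipart/signed.
        var cms = new SignedCms(new ContentInfo(content), detached: true);
        try
        {
            cms.Decode(signature);
            cms.CheckSignature(verifySignatureOnly);
            return null;
        }
        catch (CryptographicException ex)
        {
            return ex.Message;
        }
    }

    static void Main()
    {
        // Constructed self-signed certificate: valid key pair, but no trusted issuer.
        using RSA rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=alice@example.com", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        byte[] body = Encoding.ASCII.GetBytes("Content-Type: text/plain\r\n\r\nPay invoice 42\r\n");
        var signer = new SignedCms(new ContentInfo(body), detached: true);
        signer.ComputeSignature(new CmsSigner(cert) { IncludeOption = X509IncludeOption.EndCertOnly });
        byte[] signature = signer.Encode();

        byte[] tampered = (byte[])body.Clone();
        tampered[tampered.Length - 3] ^= 0x01; // flip one bit of the signed part: "42" becomes "43"

        Console.WriteLine("intact, signature only  : " + (Verify(body, signature, true) ?? "OK"));
        Console.WriteLine("tampered, signature only: " + (Verify(tampered, signature, true) ?? "OK"));
        // Chain validation is expected to reject the untrusted self-signed certificate.
        Console.WriteLine("intact, with cert chain : " + (Verify(body, signature, false) ?? "OK"));
    }
}
```

With SignedCms, passing true checks only that the signature matches the content and the embedded certificate's key; it says nothing about whether that certificate chains to an issuer you trust.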