Digital Signature and E-mail Encryption/Decryption


A digital signature protects data integrity at the transport level. Email encryption protects email content from exposure to unauthorized parties. Both digital signing and email encryption depend on digital certificates.

How to sign email content?

A digital signature is always made with the sender's certificate. The certificate used to sign email content MUST have the public/private key pair. First of all, the user MUST obtain a digital certificate for personal email protection from a third-party certificate authority such as www.verisign.com. After the certificate is installed on the user's machine, it can be viewed under "Control Panel"->"Internet Options"->"Content"->"Certificates"->"Personal". When you view the certificate, note whether the line "You have a private key that corresponds to this certificate" appears in the certificate view: if it does, you are able to use this certificate to sign email content; if it does not, you are unable to sign email content with this certificate. To sign email content, please refer to EASendMail SMTP Component.

How to encrypt email?

Encrypting email doesn't require the sender's certificate, but it does require a certificate with the public key of every recipient. For example, from@adminsystem.com sends a digitally signed email to rcpt@adminsystem.com. The digital signature contains the public key certificate of from@adminsystem.com, so rcpt@adminsystem.com can use this certificate to send an encrypted email back to from@adminsystem.com. Only from@adminsystem.com can read this email, because it can only be decrypted with the private key of from@adminsystem.com. Therefore, you MUST receive a digitally signed email from a person (most email clients, such as Outlook and Outlook Express, add the certificate to the Other People store automatically once a digitally signed email is received) before you can send encrypted email to that person. To encrypt email, please refer to EASendMail SMTP Component.

Verify signed email and decrypt encrypted email

The EAGetMail Mail class provides an easy way to verify an email's digital signature and get the signer's certificate. The signer certificate only contains the public key, so you can add it to your user certificate store and then use it to encrypt email and send the encrypted email back to the sender; only the sender can decrypt that email.

Example

[Visual Basic, C#] The following example demonstrates how to verify a signed email and decrypt an encrypted email with the EAGetMail POP3 & IMAP4 Component. For the full EAGetMail samples, please refer to the Samples section.

[Visual Basic]
Imports EAGetMail
Imports System.Windows.Forms

Dim oMail As New Mail("TryIt")
oMail.Load("c:\test.eml", False)

If (oMail.IsEncrypted) Then
    Try
        ' this email is encrypted; decrypt it with the user's default certificate.
        ' you can also use a specified certificate like this:
        ' Dim oCert As New Certificate()
        ' oCert.Load("c:\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_USER_KEYSET)
        ' oMail = oMail.Decrypt(oCert)
        oMail = oMail.Decrypt(Nothing)
    Catch ep As Exception
        MessageBox.Show(ep.Message)
    End Try
End If

If (oMail.IsSigned) Then
    Try
        ' this email is digitally signed; an invalid signature raises an exception (handled below).
        Dim cert As EAGetMail.Certificate = oMail.VerifySignature()
        MessageBox.Show("This email contains a valid digital signature.")
        ' you can add the certificate to your certificate store like this:
        ' cert.AddToStore(Certificate.CertificateStoreLocation.CERT_SYSTEM_STORE_CURRENT_USER, "addressbook")
        ' then you can send an encrypted email back to this sender.
    Catch ep As Exception
        MessageBox.Show(ep.Message)
    End Try
End If

[C#]
using System;
using System.Windows.Forms;
using EAGetMail;

Mail oMail = new Mail("TryIt");
oMail.Load("c:\\test.eml", false);

if (oMail.IsEncrypted)
{
    try
    {
        // this email is encrypted; decrypt it with the user's default certificate.
        // you can also use a specified certificate like this:
        // Certificate oCert = new Certificate();
        // oCert.Load("c:\\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_USER_KEYSET);
        // oMail = oMail.Decrypt(oCert);
        oMail = oMail.Decrypt(null);
    }
    catch (Exception ep)
    {
        MessageBox.Show(ep.Message);
    }
}

if (oMail.IsSigned)
{
    try
    {
        // this email is digitally signed; an invalid signature throws an exception (handled below).
        EAGetMail.Certificate cert = oMail.VerifySignature();
        MessageBox.Show("This email contains a valid digital signature.");
        // you can add the certificate to your certificate store like this:
        // cert.AddToStore(Certificate.CertificateStoreLocation.CERT_SYSTEM_STORE_CURRENT_USER,
        //     "addressbook");
        // then you can send an encrypted email back to this sender.
    }
    catch (Exception ep)
    {
        MessageBox.Show(ep.Message);
    }
}
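The same receive-signed-mail, keep-the-signer-certificate, encrypt-the-reply flow described above, as an added example that is not EAGetMail code: it uses the .NET framework's own System.Security.Cryptography.Pkcs classes (SignedCms, EnvelopedCms), so the class and method names are the framework's, not the component's, and the inputs are assumed to be the base64-decoded bodies of the application/pkcs7-mime parts.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Added example, not EAGetMail code: the page's "receive a signed mail, then encrypt the reply
// with the signer's certificate" flow, done with the .NET framework's CMS classes.
// Assumes the System.Security.Cryptography.Pkcs assembly is referenced.
static class SmimeReplyFlow
{
    // Verify the signed-data body of a received S/MIME message (the application/pkcs7-mime
    // part, already base64-decoded) and return the signer's certificate. Throws
    // CryptographicException when the signature does not match the content.
    public static X509Certificate2 VerifyAndGetSigner(byte[] signedData)
    {
        var cms = new SignedCms();
        cms.Decode(signedData);
        // false = validate the signer's certificate chain as well as the signature bytes.
        // Pass true only when the chain is validated separately (e.g. against a pinned issuer).
        cms.CheckSignature(verifySignatureOnly: false);
        X509Certificate2 signer = cms.SignerInfos[0].Certificate;
        if (signer == null)
            throw new CryptographicException("Signer certificate not embedded in the message.");
        return signer;
    }

    // Same purpose as cert.AddToStore(..., "addressbook") on this page: keep the public-key
    // certificate in the current user's "Other People" (AddressBook) store for later use.
    public static void SaveToAddressBook(X509Certificate2 signerCert)
    {
        var store = new X509Store(StoreName.AddressBook, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        store.Add(signerCert);
        store.Close();
    }

    // Encrypt the reply for the signer. Only the public key is needed here; only the holder of
    // the matching private key (the original sender) can decrypt the result.
    public static byte[] EncryptForRecipient(byte[] plainMimeEntity, X509Certificate2 recipientCert)
    {
        var aes256Cbc = new AlgorithmIdentifier(new Oid("2.16.840.1.101.3.4.1.42"));
        var env = new EnvelopedCms(new ContentInfo(plainMimeEntity), aes256Cbc);
        env.Encrypt(new CmsRecipient(recipientCert));
        return env.Encode(); // body of an application/pkcs7-mime; smime-type=enveloped-data part
    }
}
```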

pfx and cer

A *.pfx file contains the public/private key pair and a *.cer file only contains the public key, so a *.pfx is able to decrypt email while a *.cer can only be used to encrypt email. *.pfx and *.cer files can be exported via "Control Panel"->"Internet Options"->"Content"->"Certificates". If the option to export the private key is chosen, a *.pfx will be generated; otherwise a *.cer will be generated.

Decrypt E-mail in ASP.NET & Web Application

Since an ASP.NET application runs under the ASPNET user, which is not a normal interactive user of the operating system, you should use the Load method to load the certificate file directly instead of looking the certificate up in the user certificate store. When a *.pfx is loaded this way, Certificate.CertificateKeyLocation.CRYPT_MACHINE_KEYSET should be used instead of Certificate.CertificateKeyLocation.CRYPT_USER_KEYSET.

Example

[Visual Basic]
' oMail is the Mail object loaded as in the example above.
If (oMail.IsEncrypted) Then
    Try
        Dim oCert As New Certificate()
        oCert.Load("c:\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_MACHINE_KEYSET)
        oMail = oMail.Decrypt(oCert)
    Catch ep As Exception
        MessageBox.Show(ep.Message)
    End Try
End If

[C#]
// oMail is the Mail object loaded as in the example above.
if (oMail.IsEncrypted)
{
    try
    {
        Certificate oCert = new Certificate();
        oCert.Load("c:\\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_MACHINE_KEYSET);
        oMail = oMail.Decrypt(oCert);
    }
    catch (Exception ep)
    {
        MessageBox.Show(ep.Message);
    }
}
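The same machine-key-set point for a service account, as an added example that is not EAGetMail code: it uses the .NET framework's X509Certificate2 and EnvelopedCms classes, where X509KeyStorageFlags.MachineKeySet plays the role of CRYPT_MACHINE_KEYSET above, and it also fails early when a public-key-only *.cer is supplied where a *.pfx is required. The file path and password are caller-supplied placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Added example, not EAGetMail code: load the decryption certificate from a file for a
// service account (ASP.NET worker, Windows service) and decrypt an enveloped-data body.
static class ServiceDecrypt
{
    // MachineKeySet stores the private key outside the per-user profile, which a service
    // account may not have; this is the framework counterpart of CRYPT_MACHINE_KEYSET.
    // The password should come from protected configuration, never from source code.
    public static X509Certificate2 LoadServiceCertificate(string pfxPath, string pfxPassword)
    {
        var cert = new X509Certificate2(pfxPath, pfxPassword, X509KeyStorageFlags.MachineKeySet);
        // A *.cer (public key only) loads without error but cannot decrypt; fail clearly here
        // instead of with an opaque error inside Decrypt.
        if (!cert.HasPrivateKey)
            throw new CryptographicException("Certificate has no private key; a *.pfx is required to decrypt.");
        return cert;
    }

    // Decrypt the base64-decoded body of an application/pkcs7-mime; smime-type=enveloped-data
    // part. The returned bytes are the inner MIME entity and still need normal MIME parsing.
    public static byte[] DecryptEnvelopedData(byte[] envelopedData, X509Certificate2 cert)
    {
        var env = new EnvelopedCms();
        env.Decode(envelopedData);
        env.Decrypt(new X509Certificate2Collection(cert));
        return env.ContentInfo.Content;
    }
}
```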

See Also

Using EAGetMail POP3 & IMAP4 Component
User Authentication and SSL Connection
Unique Identifier (UIDL) in POP3 and IMAP4 protocol
Parse Bounced Email (delivery-report)
Work with winmail.dat (TNEF Parser)
EAGetMail Namespace References
EAGetMail POP3 & IMAP4 Component Samples