A digital signature lets the recipient detect whether email content was forged or altered in transit. Encrypting email protects the content from exposure to anyone other than the intended recipients. Both digital signing and email encryption depend on digital certificates.
How to sign email content?
Email content is always signed with the sender's certificate, and that certificate MUST have a public/private key pair. First of all, the user MUST obtain a digital certificate for personal email protection from a third-party certificate authority such as www.verisign.com. After the certificate is installed on the machine, it can be viewed under "Control Panel"->"Internet Options"->"Content"->"Certificates"->"Personal". When you view the certificate, note whether the line "You have a private key that corresponds to this certificate" appears in the certificate view: if it does, you can use this certificate to sign email content; if it doesn't, you cannot sign email content with this certificate. To sign email content with EASendMail, the certificate together with its private key must be loaded into SmtpMail.From.Certificate.
Example
[Visual Basic, C#] The following example demonstrates how to load a certificate to sign email content with the EASendMail SMTP Component. For the full EASendMail samples, please refer to the Samples section.
[Visual Basic]
Dim oMail As SmtpMail = New SmtpMail("TryIt")
oMail.From = New MailAddress("test@adminsystem.com")
Try
'Find the certificate by email address in the "My" (Personal) store of the current user.
'The certificate can be imported by *.pfx file like this:
'oMail.From.Certificate.Load("c:\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_USER_KEYSET)
'Once the certificate is loaded to From, the email content will be signed automatically
oMail.From.Certificate.FindSubject(oMail.From.Address, _
Certificate.CertificateStoreLocation.CERT_SYSTEM_STORE_CURRENT_USER, _
"My")
Catch exp As Exception
MessageBox.Show("No sign certificate found for <" + oMail.From.Address + ">:" + exp.Message)
End Try
[C#]
SmtpMail oMail = new SmtpMail("TryIt");
oMail.From = "test@adminsystem.com";
try
{
//Find the certificate by email address in the "My" (Personal) store of the current user.
//The certificate can be also imported by *.pfx file like this:
//oMail.From.Certificate.Load("c:\\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_USER_KEYSET);
//Once the certificate is loaded to From, the email content will be signed automatically
oMail.From.Certificate.FindSubject( oMail.From.Address,
Certificate.CertificateStoreLocation.CERT_SYSTEM_STORE_CURRENT_USER,
"My" );
}
catch( Exception exp )
{
MessageBox.Show( "No sign certificate found for <" + oMail.From.Address + ">:" + exp.Message );
}
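The private-key check described above (the "You have a private key that corresponds to this certificate" line) can also be done in code before the certificate is handed to SmtpMail.From.Certificate. The following is an added example written for this page, not EASendMail's own code; it uses the .NET X509Store API instead of EASendMail's FindSubject, and the email address, the CurrentUser\My store and the diagnostic messages are assumptions. Besides the private key it also checks the validity period and the Secure Email enhanced key usage, which that one line in the certificate viewer does not cover.

```csharp
// Added example (not part of EASendMail): find a certificate usable for signing
// mail from a given address and explain why candidates were rejected.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SigningCertificateCheck
{
    // OID of the "Secure Email" enhanced key usage (id-kp-emailProtection).
    const string EmailProtectionOid = "1.3.6.1.5.5.7.3.4";
    // OID of anyExtendedKeyUsage, which also permits Secure Email.
    const string AnyEkuOid = "2.5.29.37.0";

    // Returns the first certificate in CurrentUser\My that can sign mail from `email`,
    // or null; `reason` records why the last matching candidate was rejected.
    public static X509Certificate2 FindSigningCertificate(string email, out string reason)
    {
        reason = "no certificate with this e-mail address in CurrentUser\\My";
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            foreach (X509Certificate2 cert in store.Certificates)
            {
                // The address may sit in the Subject (E=) or in the Subject Alternative
                // Name; GetNameInfo with EmailName looks in both places.
                string certEmail = cert.GetNameInfo(X509NameType.EmailName, false);
                if (!string.Equals(certEmail, email, StringComparison.OrdinalIgnoreCase))
                    continue;

                // Programmatic equivalent of the "You have a private key ..." line:
                // without the private key the certificate can only encrypt, not sign.
                if (!cert.HasPrivateKey)
                {
                    reason = "certificate found but it has no private key";
                    continue;
                }
                if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                {
                    reason = "certificate found but it is outside its validity period";
                    continue;
                }
                if (!AllowsEmailProtection(cert))
                {
                    reason = "certificate found but its Enhanced Key Usage does not permit Secure Email";
                    continue;
                }
                return cert;
            }
        }
        return null;
    }

    // A certificate without an EKU extension is unrestricted; one with an EKU must
    // list Secure Email (or anyExtendedKeyUsage).
    static bool AllowsEmailProtection(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
        {
            if (ext is X509EnhancedKeyUsageExtension eku)
            {
                foreach (Oid oid in eku.EnhancedKeyUsages)
                    if (oid.Value == EmailProtectionOid || oid.Value == AnyEkuOid)
                        return true;
                return false;
            }
        }
        return true;
    }

    static void Main()
    {
        // Assumed sender address; use the address you assign to SmtpMail.From.
        X509Certificate2 cert = FindSigningCertificate("test@adminsystem.com", out string why);
        Console.WriteLine(cert == null
            ? "No usable signing certificate: " + why
            : "Signing certificate: " + cert.Subject + " (thumbprint " + cert.Thumbprint + ")");
    }
}
```

If FindSigningCertificate returns null, EASendMail's FindSubject will fail or sign with an unsuitable certificate for the same reason, so the `reason` string is the message worth logging instead of the generic "No sign certificate found".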
How to encrypt email?
Encrypting email doesn't require the sender's certificate, but it does require a certificate with the public key of every recipient. For example, from@adminsystem.com sends a digitally signed email to rcpt@adminsystem.com. The digital signature contains the public key certificate of from@adminsystem.com, so rcpt@adminsystem.com can use that certificate to send an encrypted email back to from@adminsystem.com. Only from@adminsystem.com can read this email, because it MUST be decrypted with the private key of from@adminsystem.com. Therefore, you MUST receive a digitally signed email from another person before you can send that person an encrypted email (most email clients, such as Outlook and Outlook Express, add the certificate to the Other People store automatically when a digitally signed email is received). To encrypt email with EASendMail, the recipient's certificate should be loaded into the MailAddress.Certificate property.
Example
[Visual Basic, C#] The following example demonstrates how to load a certificate to encrypt email with the EASendMail SMTP Component. For the full EASendMail samples, please refer to the Samples section.
[Visual Basic]
Dim oMail As SmtpMail = New SmtpMail("TryIt")
oMail.From = New MailAddress("test@adminsystem.com")
oMail.To = New AddressCollection( "encrypt1@adminsystem.com, encrypt2@adminsystem.com" )
Dim count As Integer = oMail.To.Count
For i As Integer = 0 To count - 1
Dim oAddress As MailAddress = oMail.To(i)
Try
'Find the certificate by email address in the "AddressBook" (Other People) store of the current user.
'The certificate can also be imported from a *.cer file into the recipient address like this:
'oAddress.Certificate.Load("c:\encrypt1.cer")
'Once the certificate is loaded into the MailAddress, the email content will be encrypted automatically
oAddress.Certificate.FindSubject(oAddress.Address, _
Certificate.CertificateStoreLocation.CERT_SYSTEM_STORE_CURRENT_USER, _
"AddressBook")
Catch ep As Exception
Try
oAddress.Certificate.FindSubject(oAddress.Address, _
Certificate.CertificateStoreLocation.CERT_SYSTEM_STORE_CURRENT_USER, _
"My")
Catch exp As Exception
MessageBox.Show("No encryption certificate found for <" + oAddress.Address + ">:" + exp.Message)
End Try
End Try
Next
[C#]
SmtpMail oMail = new SmtpMail("TryIt");
oMail.From = "test@adminsystem.com";
oMail.To = "encrypt1@adminsystem.com, encrypt2@adminsystem.com";
int count = oMail.To.Count;
for( int i = 0; i < count; i++ )
{
MailAddress oAddress = oMail.To[i] as MailAddress;
try
{
//Find the certificate by email address in the "AddressBook" (Other People) store of the current user.
//The certificate can also be imported from a *.cer file into the recipient address like this:
//oAddress.Certificate.Load("c:\\encrypt1.cer");
//Once the certificate is loaded into the MailAddress, the email content will be encrypted automatically
oAddress.Certificate.FindSubject( oAddress.Address,
Certificate.CertificateStoreLocation.CERT_SYSTEM_STORE_CURRENT_USER,
"AddressBook" );
}
catch( Exception ep )
{
try
{
oAddress.Certificate.FindSubject( oAddress.Address,
Certificate.CertificateStoreLocation.CERT_SYSTEM_STORE_CURRENT_USER,
"My" );
}
catch( Exception exp )
{
MessageBox.Show( "No encryption certificate found for <" + oAddress.Address + ">:" + exp.Message );
}
}
}
pfx and cer
A *.pfx file contains the public/private key pair, while a *.cer file contains only the public key. A *.pfx can therefore be used both to sign and to encrypt email, whereas a *.cer can only be used to encrypt email. Both *.pfx and *.cer files can be exported via "Control Panel"->"Internet Options"->"Content"->"Certificates". If "export the private key" is chosen, a *.pfx file is generated; otherwise a *.cer file is generated.
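The exchange described in the encryption section (a signed message carries the sender's public certificate, which the recipient then uses to reply encrypted) and the pfx/cer distinction above can be reproduced end to end with the .NET System.Security.Cryptography.Pkcs classes. The following is an added example written for this page, not EASendMail's code: a self-signed certificate stands in for a CA-issued one, the message bodies are constructed, and "pfxpassword" is reused from the page's examples. It exports the certificate as both *.pfx and *.cer, signs with the *.pfx side, extracts the signer certificate from the signature, encrypts a reply with that public-only certificate, and shows that only the *.pfx side can decrypt it. It targets .NET Core 2.0 / .NET 5 or later with the System.Security.Cryptography.Pkcs package.

```csharp
// Added example (not part of EASendMail): S/MIME-style sign -> extract signer
// certificate -> encrypt reply -> decrypt, using a constructed self-signed certificate.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SmimeRoundTrip
{
    // Constructed self-signed certificate; a real deployment uses a CA-issued one.
    // The address goes into the Subject Alternative Name, as mail certificates do.
    static X509Certificate2 MakeSelfSigned(string email)
    {
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=" + email, rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid("1.3.6.1.5.5.7.3.4") }, false)); // Secure Email
            var san = new SubjectAlternativeNameBuilder();
            san.AddEmailAddress(email);
            req.CertificateExtensions.Add(san.Build());
            return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5),
                                        DateTimeOffset.UtcNow.AddYears(1));
        }
    }

    // Sender side: the encoded CMS carries the signer's public certificate.
    public static byte[] Sign(byte[] body, X509Certificate2 senderWithKey)
    {
        var cms = new SignedCms(new ContentInfo(body), detached: false);
        cms.ComputeSignature(new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, senderWithKey));
        return cms.Encode();
    }

    // Recipient side: verify the signature and pull the signer certificate out of it.
    // verifySignatureOnly is true because a self-signed certificate has no chain.
    public static X509Certificate2 VerifyAndExtractSigner(byte[] signed, out byte[] body)
    {
        var cms = new SignedCms();
        cms.Decode(signed);
        cms.CheckSignature(verifySignatureOnly: true);
        body = cms.ContentInfo.Content;
        return cms.SignerInfos[0].Certificate;
    }

    public static byte[] Encrypt(byte[] body, X509Certificate2 recipientPublic)
    {
        var env = new EnvelopedCms(new ContentInfo(body));
        env.Encrypt(new CmsRecipient(recipientPublic));
        return env.Encode();
    }

    public static byte[] Decrypt(byte[] enveloped, X509Certificate2 recipientWithKey)
    {
        var env = new EnvelopedCms();
        env.Decode(enveloped);
        env.Decrypt(new X509Certificate2Collection(recipientWithKey));
        return env.ContentInfo.Content;
    }

    static void Main()
    {
        X509Certificate2 generated = MakeSelfSigned("from@adminsystem.com");
        // *.pfx = public + private key, *.cer = public key only. Re-importing the PFX
        // also gives the key a form the CMS classes can use on every platform.
        byte[] pfx = generated.Export(X509ContentType.Pfx, "pfxpassword");
        byte[] cer = generated.Export(X509ContentType.Cert);
        var fromWithKey = new X509Certificate2(pfx, "pfxpassword", X509KeyStorageFlags.Exportable);
        var fromPublicOnly = new X509Certificate2(cer);
        Console.WriteLine("pfx HasPrivateKey=" + fromWithKey.HasPrivateKey
                          + ", cer HasPrivateKey=" + fromPublicOnly.HasPrivateKey);

        // from -> rcpt: a signed message (constructed body).
        byte[] signed = Sign(Encoding.UTF8.GetBytes("hello, signed"), fromWithKey);
        X509Certificate2 signer = VerifyAndExtractSigner(signed, out byte[] plain);
        Console.WriteLine("Signed body: " + Encoding.UTF8.GetString(plain));
        Console.WriteLine("Signer cert from signature: " + signer.Subject
                          + ", HasPrivateKey=" + signer.HasPrivateKey);

        // rcpt -> from: encrypted reply using the certificate taken from the signature.
        byte[] enveloped = Encrypt(Encoding.UTF8.GetBytes("secret reply"), signer);
        Console.WriteLine("Decrypted with pfx side: "
                          + Encoding.UTF8.GetString(Decrypt(enveloped, fromWithKey)));
        try
        {
            Decrypt(enveloped, fromPublicOnly);
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Decrypting with the *.cer (no private key) fails, as expected");
        }
    }
}
```

The certificate returned by VerifyAndExtractSigner reports HasPrivateKey=false, which is exactly the state of a *.cer file or of an entry in the Other People store: enough to encrypt to that person, never enough to sign as them.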
Sign and Encrypt E-mail in ASP.NET & Web Application
Since an ASP.NET application runs under the ASPNET account, which is not a normal interactive user of the operating system, you should use the Load method to load the certificate file directly instead of searching the user certificate store. When a *.pfx is loaded, Certificate.CertificateKeyLocation.CRYPT_MACHINE_KEYSET should be used instead of Certificate.CertificateKeyLocation.CRYPT_USER_KEYSET.
Example
[Visual Basic]
oMail.From.Certificate.Load("c:\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_MACHINE_KEYSET)
[C#]
oMail.From.Certificate.Load("c:\\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_MACHINE_KEYSET);
See Also
Using EASendMail SMTP Component
User Authentication and SSL Connection
Send E-mail Directly (Simulating SMTP server)
Work with EASendMail Service (Email Queuing)
EASendMail Namespace References
EASendMail SMTP Component Samples