A digital signature protects email content against forgery or modification in transit: the recipient can verify that the message came from the holder of the signing certificate and was not altered on the way. Encrypting email protects its content from exposure to unintended recipients. Both digital signatures and email encryption depend on digital certificates.
How to sign email content?
A digital signature is always produced with the sender's certificate, and the certificate used to sign email content MUST have a public/private key pair. First of all, the user MUST obtain a digital certificate for personal email protection from a third-party certificate authority such as www.verisign.com. After the certificate is installed on the machine, it can be viewed under "Control Panel"->"Internet Options"->"Content"->"Certificates"->"Personal". When you view the certificate, check for the line "You have a private key that corresponds to this certificate" in the certificate view: it means you are able to use this certificate to sign email content. If this line does not appear, the certificate cannot be used to sign email content. To sign email content with EASendMail, the certificate together with its private key must be loaded into SmtpMail.SignerCert.
Example
The following example demonstrates how to load a certificate to sign email content with the EASendMail SMTP Component. For the full EASendMail samples, please refer to the Samples section.
[Visual Basic]
Const CRYPT_MACHINE_KEYSET = 32
Const CRYPT_USER_KEYSET = 4096
Const CERT_SYSTEM_STORE_CURRENT_USER = 65536
Const CERT_SYSTEM_STORE_LOCAL_MACHINE = 131072

Dim oSmtp As New EASendMailObjLib.Mail

'The license code for EASendMail ActiveX Object;
'for evaluation usage, please use "TryIt" as the license code.
oSmtp.LicenseCode = "TryIt"
oSmtp.FromAddr = "test@mydomain"

'clear any previously loaded signer certificate
oSmtp.SignerCert.Unload

'find the sender certificate in the current user's personal ("my") certificate store
If Not oSmtp.SignerCert.FindSubject("test@mydomain", CERT_SYSTEM_STORE_CURRENT_USER, "my") Then
    MsgBox oSmtp.SignerCert.GetLastError()
End If

'a certificate without a private key cannot produce a signature
If Not oSmtp.SignerCert.HasPrivateKey Then
    MsgBox "Signer certificate has no private key; this certificate cannot be used to sign email!"
End If
How to encrypt email?
Encrypting email does not require the sender's certificate, but it does require a certificate with the public key of every recipient. For example, from@adminsystem.com sends a digitally signed email to rcpt@adminsystem.com. The digital signature carries the public-key certificate of from@adminsystem.com, so rcpt@adminsystem.com can then use this certificate to send an encrypted email back to from@adminsystem.com. Only from@adminsystem.com can read that email, because it MUST be decrypted with the private key of from@adminsystem.com. Therefore, you MUST receive a digitally signed email from a person before you can send encrypted email to that person (most email clients, such as Outlook and Outlook Express, add the certificate to the "Other People" store automatically once a digitally signed email is received). To encrypt email with EASendMail, the recipient's certificate should be loaded into the RecipientsCerts property.
Example
The following example demonstrates how to load a certificate to encrypt email with the EASendMail SMTP Component. For the full EASendMail samples, please refer to the Samples section.
[Visual Basic]
Const CRYPT_MACHINE_KEYSET = 32
Const CRYPT_USER_KEYSET = 4096
Const CERT_SYSTEM_STORE_CURRENT_USER = 65536
Const CERT_SYSTEM_STORE_LOCAL_MACHINE = 131072

Sub EncryptExample()
    Dim oSmtp As New EASendMailObjLib.Mail

    'The license code for EASendMail ActiveX Object;
    'for evaluation usage, please use "TryIt" as the license code.
    oSmtp.LicenseCode = "TryIt"
    oSmtp.FromAddr = "test@mydomain"
    oSmtp.AddRecipient "encrypt", "encrypt@mydomain", 0

    'clear the recipient certificates first
    oSmtp.RecipientsCerts.Clear

    'find the recipient certificate in the current user's "Other People" (AddressBook)
    'store, falling back to the personal ("my") store
    Dim oEncryptCert As New EASendMailObjLib.Certificate
    If Not oEncryptCert.FindSubject("encrypt@mydomain", CERT_SYSTEM_STORE_CURRENT_USER, "AddressBook") Then
        If Not oEncryptCert.FindSubject("encrypt@mydomain", CERT_SYSTEM_STORE_CURRENT_USER, "my") Then
            MsgBox oEncryptCert.GetLastError()
            Exit Sub 'no certificate found, exit subroutine
        End If
    End If

    'add the recipient certificate; for multiple recipients,
    'add one certificate per recipient
    oSmtp.RecipientsCerts.Add oEncryptCert
End Sub
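Both the signing and the encryption examples above assume the certificate is already in the right Windows certificate store with the right properties: the sender's certificate in the personal ("my") store with its private key, and the recipient's certificate in "Other People" ("AddressBook") with at least the public key. The following PowerShell function is an added example, not EASendMail's code, that performs that pre-flight check against the same stores from a PowerShell prompt; the function name, the output fields and the sample addresses test@mydomain and encrypt@mydomain (taken from the examples above) are assumptions for illustration. It goes a little beyond the HasPrivateKey check by also verifying the validity dates and the Secure Email enhanced key usage, both of which mail clients check when they validate a signature or pick a certificate to encrypt to.

```powershell
# Added example (not EASendMail's code): locate an S/MIME certificate in the Windows
# certificate store and report the properties the text above relies on.
# "My" is the personal store (sender certificate, must carry a private key);
# "AddressBook" is "Other People" (recipient certificates, public key is enough).
function Find-SmimeCertificate {
    param(
        [Parameter(Mandatory)] [string] $Email,
        [ValidateSet('My', 'AddressBook')] [string] $StoreName = 'My',
        [ValidateSet('CurrentUser', 'LocalMachine')] [string] $Location = 'CurrentUser',
        [switch] $RequirePrivateKey
    )

    $secureEmailEku = '1.3.6.1.5.5.7.3.4'   # id-kp-emailProtection
    $now = Get-Date

    # Match on the RFC 822 name (Subject E= or SAN rfc822Name), not on the whole DN.
    $candidates = Get-ChildItem -Path "Cert:\$Location\$StoreName" | Where-Object {
        $_.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::EmailName, $false) -ieq $Email
    }

    foreach ($cert in $candidates) {
        $problems = @()

        if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
            $problems += "not valid at $now (valid $($cert.NotBefore) to $($cert.NotAfter))"
        }

        # If an Enhanced Key Usage extension is present it must allow Secure Email.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        if ($eku -and -not ($eku.EnhancedKeyUsages.Value -contains $secureEmailEku)) {
            $problems += "no Secure Email ($secureEmailEku) enhanced key usage"
        }

        # Same condition EASendMail's HasPrivateKey reports: a .cer import, or a key
        # container that belongs to another account or profile, fails here.
        if ($RequirePrivateKey -and -not $cert.HasPrivateKey) {
            $problems += 'no private key; cannot sign with this certificate'
        }

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            HasPrivateKey = $cert.HasPrivateKey
            NotAfter      = $cert.NotAfter
            Usable        = ($problems.Count -eq 0)
            Problems      = ($problems -join '; ')
        }
    }
}

# Sender side: the signing certificate must carry a private key.
Find-SmimeCertificate -Email 'test@mydomain' -StoreName My -RequirePrivateKey | Format-List

# Recipient side: Outlook files certificates from received signed mail under
# "Other People"; a public-key-only certificate there is enough to encrypt to them.
Find-SmimeCertificate -Email 'encrypt@mydomain' -StoreName AddressBook | Format-List
```

If the sender lookup returns no object at all, the certificate was never imported into that account's store, which is also the situation a web application hits when its worker process runs under a different account than the one that installed the certificate (see the ASP section below). If it returns an object with HasPrivateKey set to False, only the public half was imported, and exporting a .pfx from the original machine is the fix.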
pfx and cer
A *.pfx file contains the certificate together with its public/private key pair, while a *.cer file contains only the certificate with its public key. A *.pfx can therefore be used both to sign and to encrypt email, whereas a *.cer can only be used to encrypt email to the certificate's owner. Both *.pfx and *.cer files can be exported under "Control Panel"->"Internet Options"->"Content"->"Certificates". If exporting the private key is chosen, a *.pfx is generated; otherwise a *.cer is generated.
Sign and Encrypt E-mail in ASP & Web Application
Since an ASP application runs under the IIS_USERXX account, which is not a normal interactive user of the operating system, you should use the Load method to load the certificate file directly instead of searching the user certificate store. When a *.pfx is loaded, CRYPT_MACHINE_KEYSET should be used instead of CRYPT_USER_KEYSET.
Example
[Visual Basic]
Const CRYPT_MACHINE_KEYSET = 32
Const CRYPT_USER_KEYSET = 4096

Dim oMail As New EASendMailObjLib.Mail

'load the certificate and its private key from the *.pfx file; the machine
'keyset is used because the IIS worker account has no user key store
Call oMail.SignerCert.LoadPFXFromFile("c:\test.pfx", "pfxpassword", CRYPT_MACHINE_KEYSET)
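To make the pfx/cer distinction and the CRYPT_MACHINE_KEYSET point concrete, here is an added PowerShell example (not EASendMail's code) that exports one certificate from CurrentUser\My both as a .cer and as a password-protected .pfx, then loads each file back the way a web application would and reports whether a private key came with it. The function names, the output folder and the THUMBPRINT_PLACEHOLDER value are assumptions for illustration; X509KeyStorageFlags.MachineKeySet is the .NET counterpart of the CRYPT_MACHINE_KEYSET flag used in the one-line example above.

```powershell
# Added example (not EASendMail's code): export the same certificate as .cer and .pfx,
# then reload both to show which one can sign. Assumes the thumbprint names a
# certificate in CurrentUser\My whose private key was imported as exportable.
function Export-SmimePair {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $OutDir,
        [Parameter(Mandatory)] [securestring] $PfxPassword
    )
    $cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint"
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key; only a .cer can be exported from it."
    }
    $cerPath = Join-Path $OutDir 'smime-public.cer'
    $pfxPath = Join-Path $OutDir 'smime-private.pfx'

    # .cer: certificate and public key only (safe to hand to anyone who must encrypt to you).
    Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
    # .pfx: certificate plus private key, protected by the password (fails if the key
    # was marked non-exportable at import time).
    Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $PfxPassword | Out-Null

    [pscustomobject]@{ Cer = $cerPath; Pfx = $pfxPath }
}

function Test-SmimeFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [securestring] $Password
    )
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]

    if ($Path -like '*.pfx') {
        # MachineKeySet puts the key into the machine-wide key container, which a
        # service account such as an IIS worker process can reach; the per-user
        # container (the default, like CRYPT_USER_KEYSET) belongs to whoever is logged on.
        $cert = $x509::new($Path, $Password, $flags::MachineKeySet)
    } else {
        $cert = $x509::new($Path)
    }

    [pscustomobject]@{
        File          = Split-Path -Path $Path -Leaf
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey   # True for the .pfx, False for the .cer
        CanSign       = $cert.HasPrivateKey   # signing needs the private key
        CanEncryptTo  = $true                 # encrypting to the owner needs only the public key
    }
}

# Usage (constructed values): prompt for the export password so it never sits in a script.
$pw = Read-Host -AsSecureString -Prompt 'PFX password'
$files = Export-SmimePair -Thumbprint 'THUMBPRINT_PLACEHOLDER' -OutDir $env:TEMP -PfxPassword $pw
Test-SmimeFile -Path $files.Cer
Test-SmimeFile -Path $files.Pfx -Password $pw
```

For a production web application the .pfx password should come from the application's configuration store rather than from page source as in the one-line example above, or the certificate can be imported once by an administrator into the LocalMachine store and located there with CERT_SYSTEM_STORE_LOCAL_MACHINE, so that no key file and no password live in the web root at all.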
Online Examples
Sign Email - Visual Basic
Encrypt Email - Visual Basic
Sign Email - Visual C++
Encrypt Email - Visual C++
Sign Email - Delphi
Encrypt Email - Delphi
See Also
Using EASendMail ActiveX Object
Work with EASendMail Service(Mail Queuing)
How to use DomainKeys Signature
Send email without SMTP server(DNS lookup)
Error with sending recipient(Relay denied)
Mail vs. FastSender
Programming with Asynchronous Mode
Work with RTF and Word
Programming with FastSender
EASendMail ActiveX Object References
EASendMail SMTP Component Samples