C# - Sign email - S/MIME

The following c# example codes demonstrate how to sign email to S/MIME format with digital signature.

Email Digital Signature

Digital signature prevents email content is faked or changed in transport level. Encrypting email protects email content from exposure to inappropriate recipients. Both digital signature and email encrypting depend on digital certificate.

If you have an email digital signature certificate installed on your machine, you can find it in “Control Panel” -> “Internet Options” -> “Content” -> “Certificates” -> “Personal”.

email ceritificate

Then you can use your email certificate to sign the email by the following code. If you don’t have a certificate for your email address, you MUST get a digital certificate for personal email protection from third-party certificate authorities such as www.verisign.com.

If you need a free certificate for your email address, you can go to http://www.comodo.com/home/email-security/free-email-certificate.php to apply for one year free email certificate.

Installation

Before you can use the following codes, please download EASendMail SMTP Component and install it on your machine at first. Full sample proejcts are included in this installer.

Install from NuGet

You can also install the run-time assembly by NuGet. Run the following command in the NuGet Package Manager Console:

Install-Package EASendMail

Note

If you install it by NuGet, no sample projects are installed, only .NET assembly is installed.

Add reference

To use EASendMail SMTP Component in your project, the first step is Add reference of EASendMail to your project. Please create or open your project with Visual Studio, then go to menu -> Project -> Add Reference -> .NET -> Browse..., and select Installation Path\Lib\net[version]\EASendMail.dll from your disk, click Open -> OK, the reference of EASendMail will be added to your project, and you can start to use it to send email in your project.

add reference in c#/vb.net/c++/cli/clr

.NET assembly

Because EASendMail has separate builds for .Net Framework, please refer to the following table and choose the correct dll.

Separate builds of run-time assembly for .NET Framework 1.1, 2.0, 3.5, 4.0, 4.5, 4.6.1, .NET Core 3.1, .NET 5.0, .NET Standard 2.0 and .NET Compact Framework 2.0, 3.5.

File .NET Framework Version
Lib\net20\EASendMail.dll Built with .NET Framework 2.0
It requires .NET Framework 2.0, 3.5 or later version.
Lib\net40\EASendMail.dll Built with .NET Framework 4.0
It requires .NET Framework 4.0 or later version.
Lib\net45\EASendMail.dll Built with .NET Framework 4.5
It requires .NET Framework 4.5 or later version.
Lib\net461\EASendMail.dll Built with .NET Framework 4.6.1
It requires .NET Framework 4.6.1 or later version.
Lib\netcoreapp3.1\EASendMail.dll Built with .NET Core 3.1
It requires .NET Core 3.1 or later version.
Lib\net5.0\EASendMail.dll Built with .NET 5.0
It requires .NET 5.0 or later version.
Lib\net6.0\EASendMail.dll Built with .NET 6.0
It requires .NET 6.0 or later version.
Lib\netstandard2.0\EASendMail.dll Built with .NET Standard 2.0
It requires .NET Standard 2.0 or later version.
Lib\net20-cf\EASendMail.dll Built with .NET Compact Framework 2.0
It requires .NET Compact Framework 2.0, 3.5 or later version.
Lib\net35-cf\EASendMail.dll Built with .NET Compact Framework 3.5
It requires .NET Compact Framework 3.5 or later version.

C# - Sign email - S/MIME - example

The following example codes demonstrate signing email with digital signature - S/MIME. In order to run it correctly, please change SMTP server, user, password, sender, recipient value to yours.

Note

To get full sample projects, please download and install EASendMail on your machine.

using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography.X509Certificates;

// Add EASendMail namespace
using EASendMail;

namespace mysendemail
{
    class Program
    {
        static X509Certificate2 _findCertificate(string storeName, string emailAddress)
        {
            X509Certificate2 cert = null;

            X509Store store = new X509Store(storeName, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);

            X509Certificate2Collection certfiicates = store.Certificates.Find(X509FindType.FindBySubjectName, emailAddress, true);
            if (certfiicates.Count > 0)
            {
                cert = certfiicates[0];
            }

            store.Close();

            return cert;
        }

        static void Main(string[] args)
        {
            try
            {
                SmtpMail oMail = new SmtpMail("TryIt");

                // Set sender email address, please change it to yours
                oMail.From = "test@emailarchitect.net";

                // Set recipient email address, please change it to yours
                oMail.To = "support@emailarchitect.net";

                // Set email subject
                oMail.Subject = "test email with digital signature from c#";

                // Set email body
                oMail.TextBody = "this is a test email with digital signature";

                X509Certificate2 signerCertificate = _findCertificate("My", oMail.From.Address);
                if (signerCertificate == null)
                    throw new Exception("No signer certificate found for " + oMail.From.Address + "!");

                oMail.From.Certificate2 = signerCertificate;

                // You can also load the signer certificate from a pfx file.
                /* string pfxPath = "D:\\TestCerts\\signer.pfx";
                X509Certificate2 signerCertFromPfx = new X509Certificate2(pfxPath,
                    "nosecret",
                    X509KeyStorageFlags.Exportable | X509KeyStorageFlags.UserKeySet);

                oMail.From.Certificate2 = signerCertFromPfx;
                */
                // If you use it in web application,
                // please use  X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet

                // If you use it in .NET core application
                // please use X509KeyStorageFlags.Exportable | X509KeyStorageFlags.EphemeralKeySet

                // Your smtp server address
                SmtpServer oServer = new SmtpServer("smtp.emailarchitect.net");

                // User and password for ESMTP authentication, if your server doesn't require
                // User authentication, please remove the following codes.
                oServer.User = "test@emailarchitect.net";
                oServer.Password = "testpassword";

                // Most mordern SMTP servers require SSL/TLS connection now.
                // ConnectTryTLS means if server supports SSL/TLS, SSL/TLS will be used automatically.
                oServer.ConnectType = SmtpConnectType.ConnectTryTLS;

                // If your SMTP server uses 587 port
                // oServer.Port = 587;

                // If your SMTP server requires SSL/TLS connection on 25/587/465 port
                // oServer.Port = 25; // 25 or 587 or 465
                // oServer.ConnectType = SmtpConnectType.ConnectSSLAuto;

                Console.WriteLine("start to send email with digital signature ...");

                SmtpClient oSmtp = new SmtpClient();
                oSmtp.SendMail(oServer, oMail);

                Console.WriteLine("email was sent successfully!");
            }
            catch (Exception ep)
            {
                Console.WriteLine("failed to send email with the following error:");
                Console.WriteLine(ep.Message);
            }
        }
    }
}

Signature algorithm

You can use SmtpMail.SignatureHashAlgorithm property to set MD5, SHA1, SHA256, SHA384 or SHA512 signature algorithm. SHA256 is recommended.

RSASSA-PSS Signature

If you need to use RSASSA-PSS signature scheme, you need a special version of EASendMail, please have a look at this topic:

RSASSA-PSS + RSA-OAEP Encryption with SHA256

TLS 1.2 protocol

TLS is the successor of SSL, more and more SMTP servers require TLS 1.2 encryption now.

If your operating system is Windows XP/Vista/Windows 7/Windows 2003/2008/2008 R2/2012/2012 R2, you need to enable TLS 1.2 protocol in your operating system like this:

Enable TLS 1.2 on Windows XP/Vista/7/10/Windows 2008/2008 R2/2012

Appendix

Comments

If you have any comments or questions about above example codes, please click here to add your comments.