Visual C++ - Sign Email (RSASSA-PSS + SHA256) and Encrypt Email (RSAES-OAEP + AES 128/196/256 + SHA256) Based on EDIFACT Rule - S/MIME

The following VB6/VBScript example codes demonstrate how to sign email to S/MIME format with digital signature (RSASSA-PSS + SHA256) and how to encrypt email with RSAES-OAEP + AES 128/192/256 + SHA256.

Installation

EASendMail is a SMTP component which supports all operations of SMTP/ESMTP protocols (RFC 821, RFC 822, RFC 2554). Before you can use the following example codes, you should download the EASendMail Installer and install it on your machine at first.

Add Reference

To use EASendMail SMTP ActiveX Object in your C++ project, the first step is “Add header files of EASendMail to your project”. Please go to C:\Program Files\EASendMail\Include\tlh or C:\Program Files (x86)\EASendMail\Include\tlh folder, find easendmailobj.tlh and easendmailobj.tli, and then copy these files to your project folder.

add reference in Visual C++

EDIFACT Rule in EUROPE

Latest EDIFACT requires RSA-SHA256 Signature Algorithm + RSASSA-PSS with SHA256 padding for digital signature, and AES128/192/256 Encrypting Algorithm + RSAES-OAEP + SHA256 Hash for email encryption.

EASendMail uses Windows built-in function to implement S/MIME, it supports RSASSA-PSS signature + SHA1 padding and AES + RSAES-OAEP, however it has a compatible problem with RSASSA-PSS signature defined in latest EDIFACT (SHA256 padding).

To comply with EDIFACT rule, we implemented an ActiveX Wrapper with Bouncy Castle library.

EASendMail ActiveX Object with Bouncy Castle

If you need to sign email with digital signature or encrypt email based on the rule of EDIFACT in EUROPE with EASendMail ActiveX Object, you should install an additional Bouncy Castle Wrapper ActiveX Object on your machine:

You can download it from: http://www.emailarchitect.net/webapp/download/BcWrapperObject.exe

To use this feature, it also requires .NET framework 2.0, 4.0 or 4.61 installed on the machine. Because .NET framework 2.0/4.0 is built-in feature in modern Windows operating system, so you don’t have to install .NET framework manually in most cases.

After you installed it on your machine, you can use the following codes to sign email based on the rule of EDIFACT.

Visual C++ - Sign Email with RSASSA-PSS + SHA256 - EDIFACT - S/MIME - Example

The following example codes demonstrate signing email based on EDIFACT rule - S/MIME. In order to run it correctly, please change SMTP server, user, password, sender, recipient value to yours.

#include "stdafx.h"
#include <tchar.h>
#include <Windows.h>

#include "EASendMailObj.tlh"
using namespace EASendMailObjLib;

const int ConnectNormal = 0;
const int ConnectSSLAuto = 1;
const int ConnectSTARTTLS = 2;
const int ConnectDirectSSL = 3;
const int ConnectTryTLS = 4;

int _tmain(int argc, _TCHAR* argv[])
{
    ::CoInitialize(NULL);

    IMailPtr oSmtp = NULL;
    oSmtp.CreateInstance(__uuidof(EASendMailObjLib::Mail));
    oSmtp->LicenseCode = _T("TryIt");

    // Set your sender email address
    oSmtp->FromAddr = _T("test@emailarchitect.net");

    // Add recipient email address
    oSmtp->AddRecipientEx(_T("support@emailarchitect.net"), 0);

    // Set email subject
    oSmtp->Subject = _T("email from Visual C++ with digital signature(S/MIME)");

    // Set email body
    oSmtp->BodyText = _T("this is a test email sent from Visual C++ with digital signature");

    // Add signer digital signature
    if(oSmtp->SignerCert->FindSubject(_T("test@emailarchitect.net"),
        CERT_SYSTEM_STORE_CURRENT_USER , _T("my")) == VARIANT_FALSE)
    {
        _tprintf(_T("Error with signer certificate; %s\r\n"),
            (const TCHAR*)oSmtp->SignerCert->GetLastError());
        return 0;
    }

    if(oSmtp->SignerCert->HasPrivateKey == VARIANT_FALSE)
    {
        _tprintf(_T("certificate does not have a private key, it can not sign email.\r\n"));
        return 0;
    }

    // Use RSA-SHA256 signature, 0: sha1; 1: sha256; 2: sha384; 3: sha512;
    oSmtp->SignatureHashAlgorithm = 1;
    // Use Hash 256 RSASSA_PSS padding, 0: PSS is not used; 1: PSS with default; 2: PSS with signature hash algorithm;
    oSmtp->SignatureEncryptionAlgorithm = 2;

    // Your SMTP server address
    oSmtp->ServerAddr = _T("smtp.emailarchitect.net");

    // User and password for ESMTP authentication, if your server doesn't
    // require User authentication, please remove the following codes.
    oSmtp->UserName = _T("test@emailarchitect.net");
    oSmtp->Password = _T("testpassword");

    // Most mordern SMTP servers require SSL/TLS connection now.
    // ConnectTryTLS means if server supports SSL/TLS, SSL/TLS will be used automatically.
    oSmtp->ConnectType = ConnectTryTLS;

    // If your SMTP server uses 587 port
    // oSmtp->ServerPort = 587;

    // If your SMTP server requires SSL/TLS connection on 25/587/465 port
    // oSmtp->ServerPort = 25; // 25 or 587 or 465
    // oSmtp->ConnectType = ConnectSSLAuto;

    _tprintf(_T("Start to send email ...\r\n"));

    if(oSmtp->SendMail() == 0)
    {
        _tprintf(_T("email was sent successfully!\r\n"));
    }
    else
    {
        _tprintf(_T("failed to send email with the following error: %s\r\n"),
            (const TCHAR*)oSmtp->GetLastErrDescription());
    }

    return 0;
}

Note

RSASSA-PSS signature generated by Bouncy Castle is not verified by most email clients (outlook, firebird …), but it does meet the requirement in EDIFACT rule.

Visual C++ - Encrypt Email with RRSAES-OAEP + AES 128/192/256 + SHA256 - EDIFACT - S/MIME - Example

The following example codes demonstrate encrypting email message based on EDIFACT rule - S/MIME. In order to run it correctly, please change SMTP server, user, password, sender, recipient value to yours.

#include "stdafx.h"
#include <tchar.h>
#include <Windows.h>

#include "EASendMailObj.tlh"
using namespace EASendMailObjLib;

const int ConnectNormal = 0;
const int ConnectSSLAuto = 1;
const int ConnectSTARTTLS = 2;
const int ConnectDirectSSL = 3;
const int ConnectTryTLS = 4;

int _tmain(int argc, _TCHAR* argv[])
{
    ::CoInitialize(NULL);

    IMailPtr oSmtp = NULL;
    oSmtp.CreateInstance(__uuidof(EASendMailObjLib::Mail));
    oSmtp->LicenseCode = _T("TryIt");

    // Set your sender email address
    oSmtp->FromAddr = _T("test@emailarchitect.net");

    // Add recipient email address
    oSmtp->AddRecipientEx(_T("support@emailarchitect.net"), 0);

    // Set email subject
    oSmtp->Subject = _T("Encrypted email from Visual C++ (S/MIME)");

    // Set email body
    oSmtp->BodyText = _T("this is a test encrypted email sent from Visual C++");

    // Find the encrypting certificate for every recipients
    ICertificatePtr oCert = NULL;
    oCert.CreateInstance("EASendMailObj.Certificate");
    if(oCert->FindSubject(_T("support@emailarchitect.net"),
            CERT_SYSTEM_STORE_CURRENT_USER, _T("AddressBook")) == VARIANT_FALSE)
    {
        if(oCert->FindSubject(_T("support@emailarchitect.net"),
                CERT_SYSTEM_STORE_CURRENT_USER, _T("my")) == VARIANT_FALSE)
        {
            _tprintf(_T("Encrypting certificate not found; %s\r\n"),
                    (const TCHAR*)oCert->GetLastError());
            oCert.Release();
            return 0;
        }
    }

    // Add encrypting certificate
    oSmtp->RecipientsCerts->Add(oCert);
    oCert.Release();

    // Use AES128 encrypting algorithm, 4: AES128; 5: AES192; 6: AES256;
    oSmtp->EncryptionAlgorithm  = 4;
    // Use  RAES-OAEP with sha-256 hash algorithm, 0: sha1; 1: sha256; 2: sha384; 3: sha512;
    oSmtp->OaepHashAlgorithm = 1;

    // Your SMTP server address
    oSmtp->ServerAddr = _T("smtp.emailarchitect.net");

    // User and password for ESMTP authentication, if your server doesn't
    // require User authentication, please remove the following codes.
    oSmtp->UserName = _T("test@emailarchitect.net");
    oSmtp->Password = _T("testpassword");

    // Most mordern SMTP servers require SSL/TLS connection now.
    // ConnectTryTLS means if server supports SSL/TLS, SSL/TLS will be used automatically.
    oSmtp->ConnectType = ConnectTryTLS;

    // If your SMTP server uses 587 port
    // oSmtp->ServerPort = 587;

    // If your SMTP server requires SSL/TLS connection on 25/587/465 port
    // oSmtp->ServerPort = 25; // 25 or 587 or 465
    // oSmtp->ConnectType = ConnectSSLAuto;

    _tprintf(_T("Start to send email ...\r\n"));

    if(oSmtp->SendMail() == 0)
    {
        _tprintf(_T("email was sent successfully!\r\n"));
    }
    else
    {
        _tprintf(_T("failed to send email with the following error: %s\r\n"),
            (const TCHAR*)oSmtp->GetLastErrDescription());
    }

    return 0;
}

Visual C++ - Sign Email with RSASSA-PSS + SHA256 and Encrypt Email with RRSAES-OAEP + AES 128/192/256 + SHA256 - EDIFACT - S/MIME - Example

The following example codes demonstrate signing and encrypting email message based on EDIFACT rule - S/MIME. In order to run it correctly, please change SMTP server, user, password, sender, recipient value to yours.

#include "stdafx.h"
#include <tchar.h>
#include <Windows.h>

#include "EASendMailObj.tlh"
using namespace EASendMailObjLib;

const int ConnectNormal = 0;
const int ConnectSSLAuto = 1;
const int ConnectSTARTTLS = 2;
const int ConnectDirectSSL = 3;
const int ConnectTryTLS = 4;

int _tmain(int argc, _TCHAR* argv[])
{
    ::CoInitialize(NULL);

    IMailPtr oSmtp = NULL;
    oSmtp.CreateInstance(__uuidof(EASendMailObjLib::Mail));
    oSmtp->LicenseCode = _T("TryIt");

    // Set your sender email address
    oSmtp->FromAddr = _T("test@emailarchitect.net");

    // Add recipient email address
    oSmtp->AddRecipientEx(_T("support@emailarchitect.net"), 0);

    // Set email subject
    oSmtp->Subject = _T("Encrypted email from Visual C++ (S/MIME)");

    // Set email body
    oSmtp->BodyText = _T("this is a test encrypted email sent from Visual C++");

    // Add signer digital signature
    if(oSmtp->SignerCert->FindSubject(_T("test@emailarchitect.net"),
        CERT_SYSTEM_STORE_CURRENT_USER , _T("my")) == VARIANT_FALSE)
    {
        _tprintf(_T("Error with signer certificate; %s\r\n"),
            (const TCHAR*)oSmtp->SignerCert->GetLastError());
        return 0;
    }

    if(oSmtp->SignerCert->HasPrivateKey == VARIANT_FALSE)
    {
        _tprintf(_T("certificate does not have a private key, it can not sign email.\r\n"));
        return 0;
    }

    // Use RSA-SHA256 signature, 0: sha1; 1: sha256; 2: sha384; 3: sha512;
    oSmtp->SignatureHashAlgorithm = 1;
    // Use Hash 256 RSASSA_PSS padding, 0: PSS is not used; 1: PSS with default; 2: PSS with signature hash algorithm;
    oSmtp->SignatureEncryptionAlgorithm = 2;

    // Find the encrypting certificate for every recipients
    ICertificatePtr oCert = NULL;
    oCert.CreateInstance("EASendMailObj.Certificate");
    if(oCert->FindSubject(_T("support@emailarchitect.net"),
            CERT_SYSTEM_STORE_CURRENT_USER, _T("AddressBook")) == VARIANT_FALSE)
    {
        if(oCert->FindSubject(_T("support@emailarchitect.net"),
                CERT_SYSTEM_STORE_CURRENT_USER, _T("my")) == VARIANT_FALSE)
        {
            _tprintf(_T("Encrypting certificate not found; %s\r\n"),
                    (const TCHAR*)oCert->GetLastError());
            oCert.Release();
            return 0;
        }
    }

    // Add encrypting certificate
    oSmtp->RecipientsCerts->Add(oCert);
    oCert.Release();

    // Use AES128 encrypting algorithm, 4: AES128; 5: AES192; 6: AES256;
    oSmtp->EncryptionAlgorithm  = 4;
    // Use  RAES-OAEP with sha-256 hash algorithm, 0: sha1; 1: sha256; 2: sha384; 3: sha512;
    oSmtp->OaepHashAlgorithm = 1;

    // Your SMTP server address
    oSmtp->ServerAddr = _T("smtp.emailarchitect.net");

    // User and password for ESMTP authentication, if your server doesn't
    // require User authentication, please remove the following codes.
    oSmtp->UserName = _T("test@emailarchitect.net");
    oSmtp->Password = _T("testpassword");

    // Most mordern SMTP servers require SSL/TLS connection now.
    // ConnectTryTLS means if server supports SSL/TLS, SSL/TLS will be used automatically.
    oSmtp->ConnectType = ConnectTryTLS;

    // If your SMTP server uses 587 port
    // oSmtp->ServerPort = 587;

    // If your SMTP server requires SSL/TLS connection on 25/587/465 port
    // oSmtp->ServerPort = 25; // 25 or 587 or 465
    // oSmtp->ConnectType = ConnectSSLAuto;

    _tprintf(_T("Start to send email ...\r\n"));

    if(oSmtp->SendMail() == 0)
    {
        _tprintf(_T("email was sent successfully!\r\n"));
    }
    else
    {
        _tprintf(_T("failed to send email with the following error: %s\r\n"),
            (const TCHAR*)oSmtp->GetLastErrDescription());
    }

    return 0;
}

TLS 1.2 Protocol

TLS is the successor of SSL, more and more SMTP servers require TLS 1.2 encryption now.

If your operating system is Windows XP/Vista/Windows 7/Windows 2003/2008/2008 R2/2012/2012 R2, you need to enable TLS 1.2 protocol in your operating system like this:

Enable TLS 1.2 on Windows XP/Vista/7/10/Windows 2008/2008 R2/2012

32bit/x64 ActiveX DLL

Seperate builds of run-time dll for 32 and x64 platform

File Platform
Installation Path\Lib\native\x86\EASendMailObj.dll 32 bit
Installation Path\Lib\native\x64\EASendMailObj.dll 64 bit

Distribution

  • Standard EXE

    For VB6, C++, Delphi or other standard exe application, you can distribute EASendMailObj.dll with your application to target machine without COM-registration and installer. To learn more detail, please have a look at Registration-free COM with Manifest File.

  • Script

    For ASP, VBScript, VBA, MS SQL Stored Procedure, you need to install EASendMail on target machine by EASendMail installer, both 32bit/x64 DLL are installed and registered.

Appendix

Comments

If you have any comments or questions about above example codes, please click here to add your comments.