avalero008 (Newbie, Topic Starter), 6 years ago
Hello,

I have built a program in C# to send signed and encrypted emails automatically with the EASendMail library, but the receiver replies that he cannot process the message because the hash algorithm is not correct.

The algorithm must be SHA256 or SHA512, and they say I'm sending with the default parameter SHA1. I'm confused by this because in my program I'm using the following statement:

oMail.SignatureHashAlgorithm = EASendMail.SignatureHashAlgorithmType.SHA256;

Is the way I indicate the hash algorithm incorrect? Maybe the problem is the moment at which I set it? I include the rest of the code below in case it helps:

using System;
using System.IO;
using EASendMail;

// fileName: full path of the EDIFACT file to send; onlyfilename: its name without the directory (both set elsewhere)
SmtpMail oMail = new SmtpMail("myProductKey");
oMail.EncryptionAlgorithm = EncryptionAlgorithmType.ENCRYPTION_ALGORITHM_AES192;
oMail.SignatureHashAlgorithm = SignatureHashAlgorithmType.SHA256;
SmtpClient oSmtp = new SmtpClient();
oMail.From = "mydirection@domain.com";
oMail.Subject = fileName;
oMail.TextBody = "EDIFACT - Nachricht";

// Look up the sender's signing certificate in the current user's "MY" store by subject
bool encontradoCifrado = false;
Certificate[] certificadosCifrado = Certificate.FindCertificates("",
    Certificate.CertificateStoreLocation.CERT_SYSTEM_STORE_CURRENT_USER,
    "MY");
string subjectBuscado = "C=DE, S=Berlin, L=Berlin, O=AAAAAAAAAA GMBH, OU=BBBBBBBBBB, OU=Commercial, CN=CCCCCCCC, E=mydirection@domain.com";
for (int j = 0; j < certificadosCifrado.Length; j++)
{
    if (certificadosCifrado[j].Subject == subjectBuscado)
    {
        MailAddress oAddressfrom = oMail.From as MailAddress;
        oAddressfrom.Certificate = certificadosCifrado[j];
        encontradoCifrado = true;
        break;
    }
}

// The recipient's public certificate (used for encryption) is loaded from a .cer file
oMail.To = "receiver@domain.com";
MailAddress oAddressto = oMail.To[0] as MailAddress;
oAddressto.Certificate.Load("C:/certificados/CERTIFICATE1.cer");

String attach = Convert.ToBase64String(File.ReadAllBytes(fileName));
oMail.AddAttachment(onlyfilename, attach);

SmtpServer oServer = new SmtpServer("smtp.domain.com");
oServer.Port = 25;
if (encontradoCifrado)
{
    try
    {
        oSmtp.SendMail(oServer, oMail);
        Console.WriteLine("email was sent successfully!");
    }
    catch (Exception ep)
    {
        Console.WriteLine("failed to send email with the following error:");
        Console.WriteLine(ep.Message);
        Console.ReadKey();
    }
}


The receiver's response is that I am using the DEFAULT parameters for the hash algorithm:

RSAES-OAEP-params ::= SEQUENCE {
    hashAlgorithm     [0] HashAlgorithm    DEFAULT sha1,
    maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
    pSourceAlgorithm  [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty
}

Can you please help me to correctly change the hash algorithm to SHA256?

Thank you,

Greetings

Alex
ivan (Administration), 6 years ago
Hi, thanks for using our software.

You need a special version of EASendMail to implement RSA-OAEP encryption + SHA256 hash and RSASSA-PSS signature; I guess that is a requirement in Germany.

Please check your private messages in the forum; I will send you the details.
ivan (Administration), 6 years ago

By default, EASendMail uses the Windows/.NET built-in functions to implement S/MIME, but it seems there is a compatibility problem with the RSASSA-PSS signature.

So we implemented another version with the Bouncy Castle library.


// Digital signature with sha-256 hash algorithm (formal EASendMail)
oMail.SignatureHashAlgorithm = SignatureHashAlgorithmType.SHA256;

// Digital signature with sha-256 hash algorithm + RSASSA-PSS signature (EASendMail with bouncy castle version)
oMail.SignatureHashAlgorithm = SignatureHashAlgorithmType.SHA256;
oMail.SignatureHashEncryption = SignatureHashEncryptionType.RSA_SSA_PSS_WITH_PARAMETER;

// Email encryption with RAES-OAEP-128 (formal EASendMail)
oMail.EncryptionAlgorithm = EncryptionAlgorithmType.RAES_OAEP_128;

// Email encryption with RAES-OAEP-128 + sha-256 oaep hash algorithm (formal EASendMail)
oMail.EncryptionAlgorithm = EncryptionAlgorithmType.RAES_OAEP_128;
oMail.OaepHashAlgorithm = OaepHashAlgorithmType.SHA256;

To use the RSASSA-PSS signature, you must download and use this version:

http://www.emailarchitect.net/webapp/download/easendmail.bc.exe

Note: the RSASSA-PSS signature by Bouncy Castle is not verified by most email clients (outlook, firebird ...), but it does meet the requirement in Germany.

If you don't use the RSASSA-PSS signature, you don't have to use EASendMail + bouncy castle; just set it:

// Email encryption with RAES-OAEP-128 + sha-256 oaep hash algorithm (formal EASendMail)
oMail.EncryptionAlgorithm = EncryptionAlgorithmType.RAES_OAEP_128;
oMail.OaepHashAlgorithm = OaepHashAlgorithmType.SHA256;
ivan (Administration), 6 years ago
In formal EASendMail, the RSASSA-PSS signature is supported as well; however, it only supports SHA256 hash signature + SHA1 padding scheme.

If you need to sign a digital signature based on the EDIFACT rules in EUROPE/Germany, you'd better use this version:

http://www.emailarchitect.net/webapp/download/easendmail.bc.exe

It uses SHA256 hash signature + SHA256 padding scheme.
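The receiver's complaint in the first post and the "SHA256 hash + SHA1 padding" distinction in this post both come down to which hash OIDs are actually encoded in the AlgorithmIdentifier parameters of the message: RSAES-OAEP-params in the EnvelopedData recipient info for encryption, RSASSA-PSS-params in the SignedData signature algorithm for the signature. Any field left out means SHA-1, per the DEFAULTs quoted in the first post, so setting only SignatureHashAlgorithm does nothing for the OAEP hash. The Python below is an added example, not EASendMail or Bouncy Castle code: a minimal DER walker that decodes both parameter structures, applies the RFC 8017 defaults, and reports what a strict receiver would reject. The three sample encodings are constructed for this example; extracting the real parameters field from an outgoing message is a job for a CMS library.

```python
"""Decode RSAES-OAEP-params / RSASSA-PSS-params (RFC 8017) from DER and report
the effective hash choices, applying the DEFAULT values for absent fields.
Hand-written minimal DER walker for this example; no third-party dependencies."""
from typing import Dict, List, Tuple

# Well-known OIDs in dotted form (assumed sufficient for this check).
OID_NAMES = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
    "2.16.840.1.101.3.4.2.2": "sha384",
    "2.16.840.1.101.3.4.2.3": "sha512",
    "1.2.840.113549.1.1.8": "mgf1",
}

# Defaults from the ASN.1 modules: every absent field means SHA-1.
OAEP_DEFAULTS = {"hash": "sha1", "mgf": "mgf1", "mgf_hash": "sha1", "psource": "pSpecifiedEmpty"}
PSS_DEFAULTS = {"hash": "sha1", "mgf": "mgf1", "mgf_hash": "sha1", "salt_len": 20, "trailer": 1}


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, pos + length


def _decode_oid(value: bytes) -> str:
    """Decode OID content octets into dotted notation."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def _decode_alg_id(tlv: bytes) -> Tuple[str, bytes]:
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }"""
    tag, content, _ = _read_tlv(tlv, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, pos = _read_tlv(content, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    return _decode_oid(oid), content[pos:]


def decode_params(der: bytes, kind: str) -> Dict[str, object]:
    """kind is 'oaep' or 'pss'. Returns the effective values plus 'present',
    the fields actually on the wire (everything else came from a DEFAULT)."""
    result: Dict[str, object] = dict(OAEP_DEFAULTS if kind == "oaep" else PSS_DEFAULTS)
    present: List[str] = []
    tag, content, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("params must be a SEQUENCE")
    pos = 0
    while pos < len(content):
        tag, field, pos = _read_tlv(content, pos)
        idx = tag & 0x1F                       # context-specific [n] tag number
        if idx == 0:                           # hashAlgorithm
            oid, _ = _decode_alg_id(field)
            result["hash"] = OID_NAMES.get(oid, oid)
            present.append("hashAlgorithm")
        elif idx == 1:                         # maskGenAlgorithm; MGF1 carries its own hash
            oid, inner = _decode_alg_id(field)
            result["mgf"] = OID_NAMES.get(oid, oid)
            if inner:
                inner_oid, _ = _decode_alg_id(inner)
                result["mgf_hash"] = OID_NAMES.get(inner_oid, inner_oid)
            present.append("maskGenAlgorithm")
        elif idx == 2 and kind == "pss":       # saltLength INTEGER
            _, v, _ = _read_tlv(field, 0)
            result["salt_len"] = int.from_bytes(v, "big", signed=True)
            present.append("saltLength")
        elif idx == 2:                         # pSourceAlgorithm (explicit label)
            result["psource"] = "pSpecified"
            present.append("pSourceAlgorithm")
        elif idx == 3 and kind == "pss":       # trailerField INTEGER
            _, v, _ = _read_tlv(field, 0)
            result["trailer"] = int.from_bytes(v, "big")
            present.append("trailerField")
    result["present"] = present
    return result


def check_policy(params: Dict[str, object], allowed=("sha256", "sha384", "sha512")) -> List[str]:
    """Findings a strict receiver would raise: a weak or defaulted hash, or an
    MGF hash that differs from the main hash (the 'SHA256 + SHA1 padding' case)."""
    findings = []
    if params["hash"] not in allowed:
        src = "explicit" if "hashAlgorithm" in params["present"] else "defaulted"
        findings.append(f"hashAlgorithm is {params['hash']} ({src})")
    if params["mgf_hash"] != params["hash"]:
        findings.append(f"MGF1 uses {params['mgf_hash']} while hashAlgorithm is {params['hash']}")
    return findings


# Constructed sample encodings for this example (not taken from a real message).
OAEP_EMPTY = bytes.fromhex("3000")             # RSAES-OAEP-params {} -> all DEFAULTs, i.e. SHA-1
OAEP_SHA256 = bytes.fromhex(                   # hashAlgorithm sha256, mgf1 with sha256
    "302F A00F 300D 0609 608648016503040201 0500"
    "A11C 301A 0609 2A864886F70D010108 300D 0609 608648016503040201 0500")
PSS_SHA256_MGF1SHA1 = bytes.fromhex(           # hash sha256, MGF absent (-> mgf1SHA1), salt 32
    "3016 A00F 300D 0609 608648016503040201 0500 A203 020120")

if __name__ == "__main__":
    for name, blob, kind in [("OAEP empty", OAEP_EMPTY, "oaep"),
                             ("OAEP sha256", OAEP_SHA256, "oaep"),
                             ("PSS sha256/mgf1-sha1", PSS_SHA256_MGF1SHA1, "pss")]:
        p = decode_params(blob, kind)
        print(name, "->", p, "| findings:", check_policy(p) or "none")
```

Running it shows the empty OAEP parameters decode to SHA-1 everywhere (the first post's situation), the SHA-256 OAEP parameters pass, and the PSS parameters with SHA-256 but no maskGenAlgorithm are flagged for the SHA-1 MGF, which is the mismatch this post describes for the formal build.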
avalero008 (Newbie, Topic Starter), 6 years ago
Originally Posted by: ivan
    In formal EASendMail, the RSASSA-PSS signature is supported as well; however, it only supports SHA256 hash signature + SHA1 padding scheme.
    If you need to sign a digital signature based on the EDIFACT rules in EUROPE/Germany, you'd better use this version:
    http://www.emailarchitect.net/webapp/download/easendmail.bc.exe
    It uses SHA256 hash signature + SHA256 padding scheme.

Hello Ivan,

First of all thank you very much for your messages.

That's right, I need to digitally sign emails following the German EDIFACT messaging rules. I will try the library version you recommend.

I have a doubt: in the formal EASendMail I see that the SmtpMail object doesn't have the OaepHashAlgorithm property, which is what the compiler told me when I ran the test. What am I missing?

Thanks again,

Alex
ivan (Administration), 6 years ago
Originally Posted by: avalero008
    Originally Posted by: ivan
        In formal EASendMail, the RSASSA-PSS signature is supported as well; however, it only supports SHA256 hash signature + SHA1 padding scheme.
        If you need to sign a digital signature based on the EDIFACT rules in EUROPE/Germany, you'd better use this version:
        http://www.emailarchitect.net/webapp/download/easendmail.bc.exe
        It uses SHA256 hash signature + SHA256 padding scheme.

    Hello Ivan,

    First of all thank you very much for your messages.

    That's right, I need to digitally sign emails following the German EDIFACT messaging rules. I will try the library version you recommend.

    I have a doubt: in the formal EASendMail I see that the SmtpMail object doesn't have the OaepHashAlgorithm property, which is what the compiler told me when I ran the test. What am I missing?

    Thanks again,

    Alex

This property is undocumented, but it exists; it requires EASendMail 7.5.0.1 or a later version. If you're using an older version, please download the latest version. Or you can use the EASendMail BC version and have a try. Because you have to use the RSASSA-PSS signature scheme, the BC version is the only solution.
avalero008 (Newbie, Topic Starter), 6 years ago
I have tried with EASendMail BC and it works!

Thank you very much Ivan, great support.

Regards,

Alex
Flambo (Newbie), 6 years ago
Hi,
I'm currently testing the version of EASendMail with Bouncy Castle mentioned in this thread. When I use the SHA256 hash algorithm and the RSA_PSS_WITH_PARAMETER encryption type, I get the following exception in BouncyCastle.Crypto.dll:

[10:28:47 ERR] Exception while attempting to send email
System.ArgumentException: Unsupported algorithm specified
Parameter name: privateKey
   at Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(AsymmetricAlgorithm privateKey)
   at .( , Byte[] , Boolean )
   at .( , Byte[] , Boolean )
   at EASendMail.SmtpMail.()
   at EASendMail.SmtpMail.get_EncodedContent()
   at EASendMail.SmtpClient.SendMail(SmtpMail mail)

The code that I use looks like this:

// Mail, ConnectionInfo, MailSecurityOptions and _certificateService are the application's own types/services
public async Task Send(Mail mail, ConnectionInfo connectionInfo, MailSecurityOptions mailSecurityOptions)
{
    var message = new SmtpMail("TryIT")
    {
        Subject = mail.subject
    };

    foreach (var attachment in mail.attachments)
    {
        var content = Convert.FromBase64String(attachment.content);
        message.AddAttachment(attachment.fileName, content);
    }

    message.TextBody = mail.body;
    message.HtmlBody = mail.body;

    message.Sender = new MailAddress(mail.sender.name, mail.sender.address);
    message.From = new MailAddress(mail.sender.name, mail.sender.address);

    message.Headers.Add(new HeaderItem("X-Mailer", "Outlook 14.0"));
    message.Headers.Add("Content-Language", "da");

    foreach (var recipient in mail.recipients)
    {
        message.To.Add(new MailAddress("", recipient.address));
    }

    // SHA-256 digest with RSASSA-PSS; the signer certificate (with private key) is attached to the From address
    message.SignatureHashAlgorithm = SignatureHashAlgorithmType.SHA256;
    message.SignatureHashEncryption = SignatureHashEncryptionType.RSA_SSA_PSS_WITH_PARAMETER;
    var signerCertificate = _certificateService.GetCertificateBySenderEmail(message.From.Address);
    message.From.Certificate = signerCertificate;

    var smtpServer = new SmtpServer(connectionInfo.Host);
    if (!string.IsNullOrEmpty(connectionInfo.Username) || !string.IsNullOrEmpty(connectionInfo.Password))
    {
        smtpServer.User = connectionInfo.Username;
        smtpServer.Password = connectionInfo.Password;
    }
    var client = new SmtpClient();
    client.SendMail(smtpServer, message);
}

Can anyone spot what I'm missing?
ivan (Administration), 6 years ago
Originally Posted by: Flambo
    Hi,
    I'm currently testing the version of EASendMail with Bouncy Castle mentioned in this thread. When I use the SHA256 hash algorithm and the RSA_PSS_WITH_PARAMETER encryption type, I get the following exception in BouncyCastle.Crypto.dll:
    [...]
    Can anyone spot what I'm missing?

Hi, your code looks good, but it seems the private key couldn't be exported. Please email support@emailarchitect.net so that we can provide support directly.

© All Rights Reserved, AIFEI Software Limited & AdminSystem Software Limited.