19. januar 2010 by Thomas Stern
Final part in the serie c# encrypting mail.
So now we got the content build and signed. Now what is left to
do i encrypting the content.
In this post we have a look at how the structure of the content
should just before it is encrypted, and how to encrypt the
Link to part
To encrypt the content I will use the GetCert method that we did
in part 4 of this series.
As with the signing part we will split this encryption into two
bits. adding boundary to the content and encrypting part.
First the encrypting part:
public byte DoEncrypt(string message, X509Certificate2 encryptionCertificates)
byte messageBytes = Encoding.ASCII.GetBytes(message);
EnvelopedCms envelopedCms = new EnvelopedCms(new ContentInfo(messageBytes));
CmsRecipient recipients = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, encryptionCertificates);
With this function done we can now ready the content for
encryptions. We add a simple boundary to the content and specifies
what type the innner boundary is of. Important that if you skipped
the signing part that you change this accordingly to match the type
of you content.
Here is the code for encrypting and sending the mail:
public void encrypt(string content)
MailMessage message = new System.Net.Mail.MailMessage();
string encryptedContentType = "application/x-pkcs7-mime; smime-type=enveloped-data; name=\"smime.p7m\"";
string signatureBoundry2 = "--PTBoundry=3";
StringBuilder fullUnencryptedMessageBuilder = new StringBuilder();
fullUnencryptedMessageBuilder.Append("\"; protocol=\"application/x-pkcs7-signature\"; micalg=SHA1; ");
string fullUnencryptedMessage = fullUnencryptedMessageBuilder.ToString();
byte encryptedBytes = DoEncrypt(fullUnencryptedMessage, GetCert());
MemoryStream stream = new MemoryStream(encryptedBytes);
AlternateView view = new AlternateView(stream, "application/pkcs7-mime; smime-type=signed-data;name=smime.p7m");
message.From = new MailAddress("email@example.com");
message.Subject = "TEST";
SmtpClient smtp = new SmtpClient("smtp.yourdomain.com");
This function also sends out the mail you might wanna spilt this
up to seperate methods. And do remember to give valide email
adresses and a sane smtphost.
Now lets have a look at the result:
Yes there is a warning with the signature but rember in part 1
where did a selfsigned certificate this is the problem, but you cal
always just accept the signature as trusted in your outlook.
Okay so how doesn't the content that we build look like just
before it is encrypted ?
If hightligthe the different steps we done in this series.
link to image
Also note the diffenrent boundary references from one part to
underlaying content part.
you can find the code file for this project in the download
section here is a
Rememer to change email smtp host and serial for certificat
Note you should implement all the explained methods in nice
class's that wraps all this functionality into one simple class.
The code file you can download is constructed as a simple file so i
would be easier to explain howto encrypt and sign emails. It is not
intended to be used for production purposes.
Finished you now know ho to encrypt and sign mails with c#.
c# encrypting and signing mail