mackolo22 Groupie
Joined: 09 October 2018 Location: Poland
Online Status: Offline Posts: 41
Posted: 22 November 2018 at 4:05am
Hi,
I've got a problem with verifying the signature of a mail message. When I download a message from the server and run the Smime.Verify method it works great - I can see that the message is signed by the IsSigned property and get details about the certificate from the result of that method. After downloading the message I store it in the database as my new type. An object of this type contains metadata of the "smime.p7s" file attached to the downloaded message. I would like to implement functionality that enables the user to verify a message on demand. To do this I convert my message object to a MailBee.Mime.MailMessage object. I add the "smime.p7s" file as an attachment to that object as follows:
mailMessage.Attachments.Add(bytes, fileName, String.Empty, null, null, NewAttachmentOptions.None, MailTransferEncoding.Base64)
Then I save this message to an eml file, read it back, and the IsSigned property is false and the list of attachments is also empty. I don't know what I'm doing wrong.

mackolo22 Groupie
Joined: 09 October 2018 Location: Poland
Online Status: Offline Posts: 41
Posted: 22 November 2018 at 4:08am
And I would also like to know when and how the IsSigned property gets assigned. Does the MailMessage have to have "smime.p7s" attached?

mackolo22 Groupie
Joined: 09 October 2018 Location: Poland
Online Status: Offline Posts: 41
Posted: 22 November 2018 at 4:30am
Also, when I export a signed message from Thunderbird to an .eml file and then open it using the LoadMessage method, it shows that this message is signed, the "smime.p7s" attachment is on the list and I can successfully get certificate details using the Verify method.

Alex AfterLogic Support
Joined: 19 November 2003
Online Status: Offline Posts: 2206
Posted: 22 November 2018 at 5:44am
It's about Content-Type. You can't just add a "smime.p7s" attachment to make the message signed (it won't get the "Content-Type: multipart/signed" header). Using the Sign/SignAndEncrypt method is the only way to sign the message.
Regards,
Alex

mackolo22 Groupie
Joined: 09 October 2018 Location: Poland
Online Status: Offline Posts: 41
Posted: 27 November 2018 at 12:03am
Hi Alex!
Now I understand, it works great. Thank you very much!

mackolo22 Groupie
Joined: 09 October 2018 Location: Poland
Online Status: Offline Posts: 41
Posted: 27 November 2018 at 12:18am
I've got another question. Will a signed message downloaded from the server always have a "smime.p7s" attachment, or can it be some other file?

Alex AfterLogic Support
Joined: 19 November 2003
Online Status: Offline Posts: 2206
Posted: 27 November 2018 at 1:18am
Or it can have an smime.p7m attachment. This is usually for encrypted emails (which can be signed as well). Sometimes an smime.p7m attachment denotes a signed-only message (not encrypted). In the case of p7m, the signature is embedded directly in the data of this MIME part (i.e. it's not separated from the data it signs).
Regards,
Alex
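
The distinction made in the two support replies above (a plain "smime.p7s" attachment versus "Content-Type: multipart/signed", and the "smime.p7m" forms), shown as an added example that is not part of the original thread and is not MailBee code. It uses Python's standard email package; the `protocol` and `smime-type` parameter values come from the S/MIME message format, and all sample messages are constructed with placeholder signature bytes.

```python
# Added illustration (not MailBee code): classify how a message carries S/MIME
# data from its top-level Content-Type, using Python's standard email package.
from email import message_from_bytes
from email.message import EmailMessage

P7S_TYPES = ("application/pkcs7-signature", "application/x-pkcs7-signature")
P7M_TYPES = ("application/pkcs7-mime", "application/x-pkcs7-mime")

def smime_kind(raw: bytes) -> str:
    """Return 'detached-signature', 'opaque-signed', 'enveloped',
    'pkcs7-mime' (smime-type absent or unknown) or 'none'."""
    msg = message_from_bytes(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # Detached form: part 1 is the signed data, part 2 is smime.p7s.
        protocol = (msg.get_param("protocol") or "").lower()
        return "detached-signature" if protocol in P7S_TYPES else "none"
    if ctype in P7M_TYPES:
        # smime.p7m: the signature or ciphertext wraps the data itself.
        smime_type = (msg.get_param("smime-type") or "").lower()
        return {"signed-data": "opaque-signed",
                "enveloped-data": "enveloped"}.get(smime_type, "pkcs7-mime")
    return "none"

def attached_p7s_only() -> bytes:
    """Constructed sample: smime.p7s added as an ordinary attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("hello")
    m.add_attachment(b"placeholder, not a real signature", maintype="application",
                     subtype="pkcs7-signature", filename="smime.p7s")
    return m.as_bytes()  # top level becomes multipart/mixed

# Constructed sample: the same parts under a multipart/signed header.
DETACHED = (b'Content-Type: multipart/signed; micalg=sha-256;'
            b' protocol="application/pkcs7-signature"; boundary="b1"\r\n\r\n'
            b'--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n'
            b'--b1\r\nContent-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
            b'Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b1--\r\n')

def p7m(smime_type: str) -> bytes:
    """Constructed sample: a single smime.p7m part with the given smime-type."""
    return (b'Content-Type: application/pkcs7-mime; smime-type=' + smime_type.encode()
            + b'; name="smime.p7m"\r\nContent-Transfer-Encoding: base64\r\n\r\nAAAA\r\n')

if __name__ == "__main__":
    for label, raw in [("attachment only", attached_p7s_only()), ("detached", DETACHED),
                       ("p7m signed", p7m("signed-data")), ("p7m encrypted", p7m("enveloped-data"))]:
        print(f"{label}: {smime_kind(raw)}")
```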

mackolo22 Groupie
Joined: 09 October 2018 Location: Poland
Online Status: Offline Posts: 41
Posted: 28 November 2018 at 4:43am
Hi,
I've got another problem. I convert my message to a MailMessage object, then get the certificate from the attachment (smime.p7s file), create a certificate object from that file (and it works), but when I try to sign the message an exception is thrown: "S/MIME-related Win32 function returned an error. See NativeErrorCode property value for more information. The Win32 error code is: -2146885621.". I understand that I have to have the private key installed on my computer, but I'm not able to. Is there any way to verify the mail signature and certificate on demand? I could do this while downloading the message, but then I would have to store additional data in the database, and that's what I want to avoid.

Alex AfterLogic Support
Joined: 19 November 2003
Online Status: Offline Posts: 2206
Posted: 28 November 2018 at 4:56am
In the first sentence you're writing "when I try to sign", but later asking about "verify". You can verify an S/MIME message but not sign (without private key).
Regards,
Alex

mackolo22 Groupie
Joined: 09 October 2018 Location: Poland
Online Status: Offline Posts: 41
Posted: 28 November 2018 at 5:22am
Yes, because I tried to sign the message and then be able to verify it. But I forgot about the private key... Never mind, that was my mistake.
Ok, now I am able to get some data from the certificate object created using the smime.p7s file. But as I see, I am not able to get the information about whom this certificate is issued to and what the actual "valid from" and "valid to" dates are, right? Is there any other way to get that information?

Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Offline Posts: 6103
Posted: 28 November 2018 at 5:26am
When saying "not able to get the information", what exactly do you mean? Are you getting any exception, and if yes, what does it say? Or are empty values returned?
--
Regards,
Igor, Afterlogic Support

mackolo22 Groupie
Joined: 09 October 2018 Location: Poland
Online Status: Offline Posts: 41
Posted: 28 November 2018 at 5:48am
I mean that the certificate properties 'IssuedTo' and 'IssuedBy' are both set to: "Certum Trusted Network CA". But when I directly download a message signed with the same certificate and run the Verify method on it, then smimeResult.SignatureCertificate.IssuedTo is the actual address of the sender and IssuedBy says "Certum Digital Identification CA SHA2". Also the dates, serial number, thumbprint and other values are different. I am sure it's all about the fact that I get this certificate directly from the smime.p7s file and not using the Verify method.
So maybe to avoid more questions: Is there any way to verify an e-mail signature on demand if that mail was downloaded from the server and is now stored in the user's database as another type? I can verify that message just after downloading it but, as I said, I would like to avoid storing additional information in the database. I saw that Thunderbird shows all details about certificates of signed messages and I would like to implement the same functionality.

Alex AfterLogic Support
Joined: 19 November 2003
Online Status: Offline Posts: 2206
Posted: 28 November 2018 at 6:03am
Once you've got smimeResult.SignatureCertificate, use the AsX509Certificate property. You'll get the standard .NET Certificate object which has lots of methods to save the certificate into memory or restore it later. You'll have access to all certificate properties as well.
Regards,
Alex

mackolo22 Groupie
Joined: 09 October 2018 Location: Poland
Online Status: Offline Posts: 41
Posted: 28 November 2018 at 6:11am
Ok thanks, but I found out that I am able to get all valid data. Previously I created the certificate this way:
var certificate = new Certificate(bytes, CertFileType.P7b, null)
where bytes is the smime.p7s file content. When I change the flag to Pfx or Cer the certificate details are valid. How does it work?

Alex AfterLogic Support
Joined: 19 November 2003
Online Status: Offline Posts: 2206
Posted: 28 November 2018 at 6:51am
Well, I never did it this way but it looks like it's still the way to go, as p7s has the same format as Cer files. However, it won't work for p7m signatures which have the message and signature in the same MIME part. So the approach I showed earlier is more universal.
Regards,
Alex

mackolo22 Groupie
Joined: 09 October 2018 Location: Poland
Online Status: Offline Posts: 41
Posted: 29 November 2018 at 4:27am
Thank you very much Alex and Igor.
Regards.