Search The ForumSearch   RegisterRegister  LoginLogin

MailBee.NET Objects
 AfterLogic Forum : MailBee.NET Objects
Subject Topic: Verifying signature of the message Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 22 November 2018 at 4:05am | IP Logged Quote mackolo22
Hi,
I've got a problem with verifying signature of the mail message. When I download message from the server and run Smime.Verify method it works great - I can see that message is signed by IsSigned property and get details about certificate from result of that method. After downloading message I store it in database as my new type. Object of this type contains metadata of "smime.p7s" file attached to downloaded message. I would like to implement functionality that enables user to verify message on demand. To do this I convert my message object to MailBee.Mime.MailMessage object. I add "smime.p7s" file as an attachment to that object as follows:
mailMessage.Attachments.Add(bytes, fileName, String.Empty, null, null, NewAttachmentOptions.None, MailTransferEncoding.Base64)

Then I save this message to eml file, read it back and IsSigned property is false and also list of attachements is empty. I don't know what I'm doing wrong.

Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 22 November 2018 at 4:08am | IP Logged Quote mackolo22
And I also would like to know when and how IsSigned property is getting assigned. MailMessage has to have attached "smime.p7s"?
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 22 November 2018 at 4:30am | IP Logged Quote mackolo22
Also, when I export signed message from Thunderbird to .eml file and then open it using LoadMessage method it shows that this message is signed, "smime.p7s" attachement is on the list and I can successfully get certificate details using Verify method.
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2206
Posted: 22 November 2018 at 5:44am | IP Logged Quote Alex
It's about Content-Type. You can't just add "smime.p7s" attachment to make the message signed (it won't get "Content-Type: multipart/signed" header). Using Sign/SignAndEncrypt method is the only way to sign the message.

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 27 November 2018 at 12:03am | IP Logged Quote mackolo22
Hi Alex!
Now I understand, it works great. Thank you very much!
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 27 November 2018 at 12:18am | IP Logged Quote mackolo22
I've got another question. Will the signed message downloaded from server always have "smime.p7s" attachement, or can it be some other file?
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2206
Posted: 27 November 2018 at 1:18am | IP Logged Quote Alex
Or it can have smime.p7m attachment. This is usually for encrypted emails (which can be signed as well). Sometimes smime.p7m attachment denotes signed message only (not encrypted). In case of p7m signature is embedded directly in the data of this MIME part (i.e. it's not separated from the data it signs).

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 28 November 2018 at 4:43am | IP Logged Quote mackolo22
Hi,
I've got another problem. I convert my message to MailMessage object, then get the certificate from the attachement (smime.p7s file), create certificate object from that file (and it works), but when I try to sign the message the exception is thrown "S/MIME-related Win32 function returned an error. See NativeErrorCode property value for more information. The Win32 error code is: -2146885621.". I understand that I have to have the private key installed on my computer, but I'm not able to. Is there any way to verify mail signature and certificate on demand? I could do this during downloading the message but then I would have to store additional data in database, and that's what I want to avoid.
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2206
Posted: 28 November 2018 at 4:56am | IP Logged Quote Alex
In the first sentence you're writing "when I try to sign", but later asking about "verify". You can verify an S/MIME message but not sign (without private key).

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 28 November 2018 at 5:22am | IP Logged Quote mackolo22
Yes, because I tried to sign the message and then be able to verify it. But I forgot about private key... Nevermind, that was my mistake.

Ok, now I am able to get some data from the certificate object created using smime.p7s file. But as I see, I am not able to get the information to who this certificate is issued and what are the actual "valid from" and "valid to" dates, right? Is there any other way to get that information?
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6038
Posted: 28 November 2018 at 5:26am | IP Logged Quote Igor
When saying "not able to get the information", what exactly do you mean? Are you getting any exception, if yes, what does it say? Or there are empty values returned?

--
Regards,
Igor, Afterlogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 28 November 2018 at 5:48am | IP Logged Quote mackolo22
I mean that certificate properties 'IssuedTo' and 'IssuedBy' are both set to: "Certum Trusted Network CA". But when I directly download message signed with the same certificate and run the Verify method on it then smimeResult.SignatureCertificate.IssuedTo is actual address of the sender and IssuedBy says "Certum Digital Identification CA SHA2". Also dates, serial number, thumbprint and other values are different. I am sure it's all about the fact that I get this certificate directly from the smime.p7s file and not using Verify method.

So maybe to avoid more questions: Is there any way to verify e-mail signature on demand if that mail was downloaded from server and now is stored in user's database as other type? I can verify that message just after downloading it but as I said, I would like to avoid storing additional information in database. I saw that Thunderbird shows all details about certificates of signed messages and I would like to implement the same functionality.
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2206
Posted: 28 November 2018 at 6:03am | IP Logged Quote Alex
Once you got smimeResult.SignatureCertificate, use AsX509Certificate property. You'll get the standard .NET Certificate object which has lots of methods to save the certificate into memory or restore it later. You'll have access to all certificate properties as well.

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 28 November 2018 at 6:11am | IP Logged Quote mackolo22
Ok thanks, but I found out that I am able to get all valid data. Previously I created certificate this way:
var certificate = new Certificate(bytes, CertFileType.P7b, null)
where bytes is smime.p7s file content. When I change the flag to Pfx or Cer the certificate details are valid. How it works?
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2206
Posted: 28 November 2018 at 6:51am | IP Logged Quote Alex
Well, I never did it this way but looks like it's still the way to go. As p7s has the same format as Cer files. However, it won't work for p7m signatures which have message and signature in the same MIME part. So the approach I showed earlier is more universal.

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 29 November 2018 at 4:27am | IP Logged Quote mackolo22
Thank you very much Alex and Igor.
Regards.
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump

Powered by Web Wiz Forums version 7.9
Copyright ©2001-2004 Web Wiz Guide