Validate S/MIME emails

In this article we’ll show how to verify digitally signed emails (S/MIME) using the Mail.dll email component.

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data.

S/MIME was originally developed by RSA Data Security. The specification uses Cryptographic Message Syntax, an IETF specification that is identical in most respects to PKCS #7. S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity, non-repudiation of origin (using digital signatures), privacy and data security (using encryption).

S/MIME signatures are usually done with what’s called “detached signatures”. The signature information is separate from the text being signed. The MIME type for this is multipart/signed with the second part having a MIME subtype of application/(x-)pkcs7-signature.

Sometimes the attached signature format (application/pkcs7-mime; smime-type="signed-data") is used. In that case the signature and the data are represented by a single MIME entity. Mail.dll recognizes both detached and attached signatures.

To check whether a message has been signed, use the IsSigned property on the IMail object.
The CheckSignature(bool verifySignatureOnly) method is used for signature validation.

Using IMAP protocol

// C# 

using (Imap imap = new Imap())
{
    imap.Connect("imap.example.com"); // or ConnectSSL
    imap.UseBestLogin("user", "password");

    MailBuilder builder = new MailBuilder();
    foreach (long uid in imap.GetAll())
    {
        IMail email = builder.CreateFromEml(
            imap.GetMessageByUID(uid));

        // Check signature
        if (email.IsSigned == true)
            email.CheckSignature(true);
    }
    imap.Close();
}

' VB.NET

Using imap As New Imap()
    imap.Connect("imap.example.com") ' or ConnectSSL
    imap.UseBestLogin("user", "password")

    Dim builder As New MailBuilder()
    For Each uid As Long In imap.GetAll()
        Dim email As IMail = builder.CreateFromEml( _
            imap.GetMessageByUID(uid))

        ' Check signature
        If email.IsSigned = True Then
            email.CheckSignature(True)
        End If
    Next
    imap.Close()
End Using

Using POP3 protocol

// C#

using (Pop3 pop3 = new Pop3())
{
    pop3.Connect("pop3.example.com"); // or ConnectSSL
    pop3.Login("user", "password");

    MailBuilder builder = new MailBuilder();
    foreach (string uid in pop3.GetAll())
    {
        IMail email = builder.CreateFromEml(
            pop3.GetMessageByUID(uid));

        // Check signature
        if (email.IsSigned == true)
            email.CheckSignature(true);
    }
    pop3.Close();
}

' VB.NET

Using pop3 As New Pop3()
    pop3.Connect("pop3.example.com") ' or ConnectSSL
    pop3.Login("user", "password")

    Dim builder As New MailBuilder()
    For Each uid As String In pop3.GetAll()
        Dim email As IMail = builder.CreateFromEml( _
            pop3.GetMessageByUID(uid))

        ' Check signature
        If email.IsSigned = True Then
            email.CheckSignature(True)
        End If
    Next
    pop3.Close()
End Using

The CheckSignature method throws an exception if it fails to verify the signature.
