How to decrypt an encrypted email with a non exportable private key from the password protected keystore?

Question

I have been looking at you mail library with great interest.
I am in the process of writing code to decrypt encrypted emails automatically.

With the Limilabs library I am able to do so, but the non exportable private key is password protected.

When I debug the code and reach the CreateFromEml function, a popup appears in which to provide the password for the private key.

Is it possible to provide this password from code somehow?
The code should execute without any user interaction.

Any help would be appreciated and if we get this up and running, a license will be bought.

Answer 1

By default MailBuilder tries to automatically decrypt emails.

It uses current account's/local machine's key store.

It is the store that prompts you for the password.

When you placed the certificate in the store you specifically asked it to
- prompt you for password every time private key is accessed and
- for the private key to be non-exportable.

What you are trying to do now is to bypass Windows security - most likely you will not succeed.

Your options are:
- export certificate to pfx file and provide it directly to Mail.dll
- place the certificate in the store without 'ask for password every time I used it' option checked:

You can provide the certificate (with private key) from code:

X509Certificate2 certificate = new X509Certificate2(
    @"certificate.pfx", 
    "PFX-PASSWORD-GOES-HERE", 
    X509KeyStorageFlags.PersistKeySet);

MailBuilder builder = new MailBuilder();
builder.SMIMEConfiguration.Certificates.Add(certificate);
IMail decrypted= builder.CreateFromEml(eml);

Comments

Thanks for the explanation. We are unfortunately not able to get the PFX file by some company policy.

---

Then ask IT to re-install the certificate in the store without 'Enable strong private key protection' option checked.