Email Security and Encryption

Encrypt/Decrypt Messages

Aspose.Email provides the facility to encrypt and decrypt email messages using the X509Certificates. This article shows how an existing or new message can be loaded and encrypted using MailMessage. The Encrypt() and Decrypt() methods return a MailMessage object for the applied effects and need to be taken care of while encrypting/decrypting messages. Encrypting and decrypting messages involves the following steps:

  1. Create a new message or load an existing one
  2. Load an encryption certificate using the X509Certificate object
  3. Encrypt the message using the certificate
  4. Send the message or save it
  5. Decrypt the message as required

The following code snippet shows you how to encrypt and decrypt messages.

// For complete examples and data files, please go to https://github.com/aspose-email/Aspose.Email-for-.NET
// The path to the File directory.
string dataDir = RunExamples.GetDataDir_Email();
string publicCertFile = dataDir + "MartinCertificate.cer";
string privateCertFile = dataDir + "MartinCertificate.pfx";
X509Certificate2 publicCert = new X509Certificate2(publicCertFile);
X509Certificate2 privateCert = new X509Certificate2(privateCertFile, "anothertestaccount");
// Create a message
MailMessage msg = new MailMessage("atneostthaecrcount@gmail.com", "atneostthaecrcount@gmail.com", "Test subject", "Test Body");
// Encrypt the message
MailMessage eMsg = msg.Encrypt(publicCert);
if (eMsg.IsEncrypted == true)
Console.WriteLine("Its encrypted");
else
Console.WriteLine("Its NOT encrypted");
// Decrypt the message
MailMessage dMsg = eMsg.Decrypt(privateCert);
if (dMsg.IsEncrypted == true)
Console.WriteLine("Its encrypted");
else
Console.WriteLine("Its NOT encrypted");
view raw Examples-CSharp-Email-EncryptAndDecryptMessage-EncryptAndDecryptMessage.cs hosted with ❤ by GitHub

Verify Message Encryption

Aspose.Email MailMessage class allows you to check if a message is encrypted or not. The IsEncryptedproperty of MailMessage allows you to check this as shown in the following code sample.

// For complete examples and data files, please go to https://github.com/aspose-email/Aspose.Email-for-.NET
MailMessage mailMessageOrig = MailMessage.Load(Path.Combine(dataDir, "Message.msg"), new MsgLoadOptions());
X509Certificate2 publicCert = new X509Certificate2(publicCertFile);
X509Certificate2 privateCert = new X509Certificate2(privateCertFile, "anothertestaccount");
Console.WriteLine("Message is encrypted: {0}" , mailMessageOrig.IsEncrypted);
MailMessage mailMessage = mailMessageOrig.Encrypt(publicCert);
Console.WriteLine("Message is encrypted: {0}", mailMessage.IsEncrypted);
mailMessage = mailMessage.Decrypt(privateCert);
Console.WriteLine("Message is encrypted: {0}", mailMessage.IsEncrypted);
view raw Examples-CSharp-Email-CheckMessageForEncryption-CheckMessageForEncryption.cs hosted with ❤ by GitHub

Checking Secure Emails Signature

The SecureEmailManager class allows you to check the signature of secure MailMessage objects.

The SmimeResult class stores the results of the check.

The following methods of the SecureEmailManager class and a code snippet will enable you to process a signature:

var eml = MailMessage.Load(fileName);
var result = new SecureEmailManager().CheckSignature(eml);

var certFileName = "cert.pfx";
var cert = new X509Certificate2(certFileName, "pass");
var eml = MailMessage.Load(fileName);
var store = new X509Store();
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();

var result = new SecureEmailManager().CheckSignature(eml, cert, store);

Sign Emails with DKIM

NOTE: The feature is accessible only for the library versions targeting .NET Framework. Versions, targeting .NET Core, do not have this feature.

Aspose.Email allows signing Email with DKIM (DomainKeys Identified Mail). This lets an organization take responsibility for a message that is in transit (More Info). DKIM adds a digital signature to the email message headers that can be validated by recipients. The public key of the sender enables the receiver to verify that the signature matches the message’s contents. The DKIMSign method of the MailMessage class is used to set the cryptographic and signature information for signing the message. The following code snippet shows you how to sign emails with DKIM.

var eml = new MailMessage("sender@gmail.com", "receiver@gmail.com", "Some subject", "Some body text");

string privateKeyFile = "key2.pem";
RSACryptoServiceProvider rsa = PemReader.GetPrivateKey(privateKeyFile);
DKIMSignatureInfo signInfo = new DKIMSignatureInfo("test", "somedomain.com");

var signedEml = eml.DKIMSign(rsa, signInfo);
Load and Save Email Message Email Messages Advanced Management