SmimeDecryptAndVerify Method (MailMessage, MessageVerificationFlags, CertificateStore, CertificateStore)
Decrypts an e-mail message if it's encrypted and verifies its signature if it's signed.

Namespace: MailBee.Security
Assembly: MailBee.NET (in MailBee.NET.dll) Version: 12.5.0 build 687 for .NET 4.5
Syntax
public SmimeResult DecryptAndVerify(
	MailMessage message,
	MessageVerificationFlags flags,
	CertificateStore[] storesForDecrypt,
	CertificateStore extraStoreForVerify
)

Parameters

message
Type: MailBee.MimeMailMessage
The original message to be decrypted and verified.
flags
Type: MailBee.SecurityMessageVerificationFlags
A set of flags which specify the verification criteria.
storesForDecrypt
Type: MailBee.SecurityCertificateStore
The array of the certificate stores to be searched for the appropriate certificate for decrypting the message, or a null reference (Nothing in Visual Basic) if Personal system storage should be used.
extraStoreForVerify
Type: MailBee.SecurityCertificateStore
A reference to the certificate store containing additional certificates of the certification authorities, or a null reference (Nothing in Visual Basic) if only the system default certification authorities should be used for validating the certificate of the message signature.

Return Value

Type: SmimeResult
A reference to SmimeResult object containing either the decrypted message or the original message if it was not encrypted; a null reference (Nothing in Visual Basic) if the decryption process failed.
Exceptions
ExceptionCondition
MailBeeInvalidArgumentExceptionmessage is a null reference (Nothing in Visual Basic).
MailBeeCertificateStoreWin32ExceptionA WinAPI error occurred during opening Personal certificate store and ThrowExceptions is true.
MailBeeSmimeWin32ExceptionA WinAPI error occurred while performing S/MIME operation and ThrowExceptions is true.
MailBeeCertificateExceptionA certificate error occurred ThrowExceptions is true. Typically, if the error message is "Keyset does not exist", indicates that there is no private key in the certicate required for decryption.
Remarks

The returned SmimeResult object provides access to the return values of this method, including DecryptedMessage, DecryptionCertificate, VerificationResult, and SignatureCertificate.

Thus, to access the decrypted message, use DecryptedMessage property; to get the certificate used for decryption, use DecryptionCertificate property.

To check the result of the message signature verification, examine VerificationResult property value. To access the signature certificate, use SignatureCertificate property.

See Decrypt(MailMessage) and Verify(MailMessage, MessageVerificationFlags, CertificateStore) topics for more details on decryption and verification process.

Note Note
This method is not available in .NET Standard 2.0 and newer (because it relies on Win32 API). Use DecryptAndVerify2(MailMessage, MessageVerificationFlags, X509Certificate2Collection, X509Certificate2Collection) instead.
Examples
This sample loads the message from the disk file, decrypts and verifies it.
// To use the code below, import these namespaces at the top of your code
using System;
using MailBee;
using MailBee.Mime;
using MailBee.Security;

// The actual code (put it into a method of your class)

// Load the message from file.
MailMessage msg = new MailMessage();
msg.LoadMessage(@"C:\Temp\encrypted.eml");

Smime objSmime = new Smime();

try
{
    // Verify the message.
    SmimeResult smResult = objSmime.DecryptAndVerify(msg, MessageVerificationFlags.All,
        new CertificateStore[] {new CertificateStore(CertificateStore.Personal, CertStoreType.System, null)}, null);
    MessageVerificationFlags resultOptions = smResult.VerificationResult;

    // Check whether verification has been passed successfully.
    if (resultOptions != MessageVerificationFlags.None)
    {
        if ((resultOptions & MessageVerificationFlags.CertificateRevoked) == MessageVerificationFlags.CertificateRevoked)
        {
            Console.WriteLine("Error! Certificate revoked...");
        }
        if ((resultOptions & MessageVerificationFlags.MessageTampered) == MessageVerificationFlags.MessageTampered)
        {
            Console.WriteLine("Error! Message has been tampered...");
        }
        if ((resultOptions & MessageVerificationFlags.SignatureExpired) == MessageVerificationFlags.SignatureExpired)
        {
            Console.WriteLine("Error! Signature expired...");
        }
        if ((resultOptions & MessageVerificationFlags.SignerAndSenderDoNotMatch) == MessageVerificationFlags.SignerAndSenderDoNotMatch)
        {
            Console.WriteLine("Error! Signer and sender do not match...");
        }
        if ((resultOptions & MessageVerificationFlags.Untrusted) == MessageVerificationFlags.Untrusted)
        {
            Console.WriteLine("Error! Untrusted certificate...");
        }
    }
    if (smResult.SignatureCertificate != null)
    {
        Console.WriteLine(smResult.SignatureCertificate.Subject);
    }
    if (smResult.DecryptionCertificate != null)
    {
        Console.WriteLine(smResult.DecryptionCertificate.Subject);
    }
    if (smResult.DecryptedMessage != null)
    {
        Console.WriteLine(smResult.DecryptedMessage.BodyPlainText);
    }
}
catch (MailBeeException ex)
{
    Console.WriteLine(ex.Message);
}
See Also