Smime.DecryptAndVerify Method (MailMessage, MessageVerificationFlags, CertificateStore[], CertificateStore)

SmimeDecryptAndVerify Method (MailMessage, MessageVerificationFlags, CertificateStore, CertificateStore)

Decrypts an e-mail message if it's encrypted and verifies its signature if it's signed.

Namespace: MailBee.Security
Assembly: MailBee.NET (in MailBee.NET.dll) Version: 12.4 build 677 for .NET 4.5

Syntax

public SmimeResult DecryptAndVerify(
	MailMessage message,
	MessageVerificationFlags flags,
	CertificateStore[] storesForDecrypt,
	CertificateStore extraStoreForVerify
)

Public Function DecryptAndVerify ( 
	message As MailMessage,
	flags As MessageVerificationFlags,
	storesForDecrypt As CertificateStore(),
	extraStoreForVerify As CertificateStore
) As SmimeResult

Parameters

message: Type: MailBee.MimeMailMessage
The original message to be decrypted and verified.
flags: Type: MailBee.SecurityMessageVerificationFlags
A set of flags which specify the verification criteria.
storesForDecrypt: Type: MailBee.SecurityCertificateStore
The array of the certificate stores to be searched for the appropriate certificate for decrypting the message, or a null reference (Nothing in Visual Basic) if Personal system storage should be used.
extraStoreForVerify: Type: MailBee.SecurityCertificateStore
A reference to the certificate store containing additional certificates of the certification authorities, or a null reference (Nothing in Visual Basic) if only the system default certification authorities should be used for validating the certificate of the message signature.

Return Value

Type: SmimeResult
A reference to SmimeResult object containing either the decrypted message or the original message if it was not encrypted; a null reference (Nothing in Visual Basic) if the decryption process failed.

Exceptions

Exception	Condition
MailBeeInvalidArgumentException	message is a null reference (Nothing in Visual Basic).
MailBeeCertificateStoreWin32Exception	A WinAPI error occurred during opening Personal certificate store and ThrowExceptions is true.
MailBeeSmimeWin32Exception	A WinAPI error occurred while performing S/MIME operation and ThrowExceptions is true.

Remarks

The returned SmimeResult object provides access to the return values of this method, including DecryptedMessage, DecryptionCertificate, VerificationResult, and SignatureCertificate.

Thus, to access the decrypted message, use DecryptedMessage property; to get the certificate used for decryption, use DecryptionCertificate property.

To check the result of the message signature verification, examine VerificationResult property value. To access the signature certificate, use SignatureCertificate property.

See Decrypt(MailMessage) and Verify(MailMessage, MessageVerificationFlags, CertificateStore) topics for more details on decryption and verification process.

Note
This method is not available in .NET Standard 2.0 and newer (because it relies on Win32 API). Use DecryptAndVerify2(MailMessage, MessageVerificationFlags, X509Certificate2Collection, X509Certificate2Collection) instead.

Examples

This sample loads the message from the disk file, decrypts and verifies it.

Copy

// To use the code below, import these namespaces at the top of your code
using System;
using MailBee;
using MailBee.Mime;
using MailBee.Security;

// The actual code (put it into a method of your class)

// Load the message from file.
MailMessage msg = new MailMessage();
msg.LoadMessage(@"C:\Temp\encrypted.eml");

Smime objSmime = new Smime();

try
{
    // Verify the message.
    SmimeResult smResult = objSmime.DecryptAndVerify(msg, MessageVerificationFlags.All,
        new CertificateStore[] {new CertificateStore(CertificateStore.Personal, CertStoreType.System, null)}, null);
    MessageVerificationFlags resultOptions = smResult.VerificationResult;

    // Check whether verification has been passed successfully.
    if (resultOptions != MessageVerificationFlags.None)
    {
        if ((resultOptions & MessageVerificationFlags.CertificateRevoked) == MessageVerificationFlags.CertificateRevoked)
        {
            Console.WriteLine("Error! Certificate revoked...");
        }
        if ((resultOptions & MessageVerificationFlags.MessageTampered) == MessageVerificationFlags.MessageTampered)
        {
            Console.WriteLine("Error! Message has been tampered...");
        }
        if ((resultOptions & MessageVerificationFlags.SignatureExpired) == MessageVerificationFlags.SignatureExpired)
        {
            Console.WriteLine("Error! Signature expired...");
        }
        if ((resultOptions & MessageVerificationFlags.SignerAndSenderDoNotMatch) == MessageVerificationFlags.SignerAndSenderDoNotMatch)
        {
            Console.WriteLine("Error! Signer and sender do not match...");
        }
        if ((resultOptions & MessageVerificationFlags.Untrusted) == MessageVerificationFlags.Untrusted)
        {
            Console.WriteLine("Error! Untrusted certificate...");
        }
    }
    if (smResult.SignatureCertificate != null)
    {
        Console.WriteLine(smResult.SignatureCertificate.Subject);
    }
    if (smResult.DecryptionCertificate != null)
    {
        Console.WriteLine(smResult.DecryptionCertificate.Subject);
    }
    if (smResult.DecryptedMessage != null)
    {
        Console.WriteLine(smResult.DecryptedMessage.BodyPlainText);
    }
}
catch (MailBeeException ex)
{
    Console.WriteLine(ex.Message);
}

' To use the code below, import these namespaces at the top of your code
Imports MailBee
Imports MailBee.Mime
Imports MailBee.Security

' The actual code (put it into a method of your class)

' Load the message from file.
Dim msg As MailMessage = New MailMessage
msg.LoadMessage("C:\Temp\encrypted.eml")

Dim objSmime As Smime = New Smime

Try
    ' Verify the message.
    Dim smResult As SmimeResult = objSmime.DecryptAndVerify(msg, MessageVerificationFlags.All, _
        New CertificateStore() {New CertificateStore(CertificateStore.Personal, CertStoreType.System, Nothing)}, Nothing)
    Dim resultOptions As MessageVerificationFlags = smResult.VerificationResult

    ' Check whether verification has been passed successfully.
    If (resultOptions <> MessageVerificationFlags.None) Then
        If ((resultOptions & MessageVerificationFlags.CertificateRevoked) = MessageVerificationFlags.CertificateRevoked) Then
            Console.WriteLine("Error! Certificate revoked...")
        End If
        If ((resultOptions & MessageVerificationFlags.MessageTampered) = MessageVerificationFlags.MessageTampered) Then
            Console.WriteLine("Error! Message has been tampered...")
        End If
        If ((resultOptions & MessageVerificationFlags.SignatureExpired) = MessageVerificationFlags.SignatureExpired) Then
            Console.WriteLine("Error! Signature expired...")
        End If
        If ((resultOptions & MessageVerificationFlags.SignerAndSenderDoNotMatch) = MessageVerificationFlags.SignerAndSenderDoNotMatch) Then
            Console.WriteLine("Error! Signer and sender do not match...")
        End If
        If ((resultOptions & MessageVerificationFlags.Untrusted) = MessageVerificationFlags.Untrusted) Then
            Console.WriteLine("Error! Untrusted certificate...")
        End If
    End If
    If (Not IsNothing(smResult.SignatureCertificate)) Then
        Console.WriteLine(smResult.SignatureCertificate.Subject)
    End If
    If (Not IsNothing(smResult.DecryptionCertificate)) Then
        Console.WriteLine(smResult.DecryptionCertificate.Subject)
    End If
    If (Not IsNothing(smResult.DecryptedMessage)) Then
        Console.WriteLine(smResult.DecryptedMessage.BodyPlainText)
    End If
Catch ex As MailBeeException
    Console.WriteLine(ex.Message)
End Try

Reference

Smime Class

DecryptAndVerify Overload

MailBee.Security Namespace

SmimeDecrypt(MailMessage)

SmimeVerify(MailMessage, MessageVerificationFlags, CertificateStore)