How to sign and unsign an email in C# and VB.NET
GemBox.Email enables you to create signed (S/MIME) messages. It supports clear-signed (multipart/signed) and opaque-signed (application/pkcs7-mime) formats according to the latest S/MIME standard RFC 8551.
You can convert a regular (unsigned) MailMessage
to a signed message by calling MailMessage.Sign
, which will add a signature to the MailMessage
, making it read-only. This method receives an instance of DigitalSignatureOptions
as a parameter, which contains:
- The certificate to be used while creating the signature through the
DigitalSignatureOptions.Certificate
property. - A boolean indicating if this should be a clear-signed (
true
) or an opaque-signed (false
) message through theDigitalSignatureOptions.ClearSigned
property.
Calling MailMessage.Sign
from a signed message will result in an InvalidOperationException
being thrown.
The following example shows how you can load and sign a regular message.
using GemBox.Email;
using System.Security.Cryptography.X509Certificates;
class Program
{
static void Main()
{
// If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY");
// Load message from email file normally.
var message = MailMessage.Load("%InputFileName%");
// Signing an already signed message would throw an exception!
if (message.IsSigned)
return;
var options = new DigitalSignatureOptions()
{
Certificate = new X509Certificate2("%InputDigitalId%", "GemBoxPassword"),
ClearSigned = true
};
// Sign message as clear-signed.
message.Sign(options);
// Save the signed message.
message.Save("Signed.%OutputFileType%");
}
}
Imports GemBox.Email
Imports System.Security.Cryptography.X509Certificates
Module Program
Sub Main()
' If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY")
' Load message from email file normally.
Dim message = MailMessage.Load("%InputFileName%")
' Signing an already signed message would throw an exception!
If message.IsSigned Then Return
' Load certificate data.
Dim options As New DigitalSignatureOptions() With
{
.Certificate = New X509Certificate2("%InputDigitalId%", "GemBoxPassword"),
.ClearSigned = True
}
' Sign message as clear-signed.
message.Sign(options)
' Save the signed message.
message.Save("Signed.%OutputFileType%")
End Sub
End Module
A signed MailMessage
has some differences compared to a "normal" MailMessage
that you should consider:
MailMessage.IsSigned
will be set totrue
, andMailMessage.MessageSecurity
will indicate the type of signature applied to this message.- Signed messages will be
read-only
. Changing the message's content (BodyText
,BodyTextCharset
,BodyHtml
orAttachments
) will result in anInvalidOperationException
being thrown. - It will be possible to validate the message's signature or to unsign it.
To remove the signature or enable changing the content of a signed MailMessage
it is necessary to call MailMessage.Unsign
, which will remove the message's signature and it's read-only estate, exposing the content as a "normal" message. If necessary, it is also possible to re-sign the message.
If you call MailMessage.Unsign
from an unsigned message, an InvalidOperationException
being thrown.
The following example shows how to unsign a message.
using GemBox.Email;
class Program
{
static void Main()
{
// If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY");
// Load message from email file normally.
var message = MailMessage.Load("%InputFileName%");
// To unsign a not-signed message would throw an exception!
if (!message.IsSigned)
return;
message.Unsign();
// Save the unsigned message.
message.Save("Unsigned.%OutputFileType%");
}
}
Imports GemBox.Email
Module Program
Sub Main()
' If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY")
' Load message from email file normally.
Dim message = MailMessage.Load("%InputFileName%")
' To unsign a Not-signed message would throw an exception!
If Not message.IsSigned Then Return
message.Unsign()
' Save the unsigned message.
message.Save("Unsigned.%OutputFileType%")
End Sub
End Module