How to sign and unsign an email in C# and VB.NET

GemBox.Email enables you to create signed (S/MIME) messages. It supports clear-signed (multipart/signed) and opaque-signed (application/pkcs7-mime) formats according to the latest S/MIME standard RFC 8551.

You can convert a regular (unsigned) MailMessage to a signed message by calling MailMessage.Sign, which will add a signature to the MailMessage, making it read-only. This method receives an instance of DigitalSignatureOptions as a parameter, which contains:

The certificate to be used while creating the signature through the DigitalSignatureOptions.Certificate property.
A boolean indicating if this should be a clear-signed (true) or an opaque-signed (false) message through the DigitalSignatureOptions.ClearSigned property.

Calling MailMessage.Sign from a signed message will result in an InvalidOperationException being thrown.

The following example shows how you can load and sign a regular message.

C#
VB.NET

View on GitHub

using GemBox.Email;
using System.Security.Cryptography.X509Certificates;

class Program
{
    static void Main()
    {
        // If using the Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY");

        // Load message from email file normally.
        var message = MailMessage.Load("%InputFileName%");

        // Signing an already signed message would throw an exception!
        if (message.IsSigned)
            return;

        var options = new DigitalSignatureOptions()
        {
            Certificate = new X509Certificate2("%InputDigitalId%", "GemBoxPassword"),
            ClearSigned = true
        };

        // Sign message as clear-signed.
        message.Sign(options);

        // Save the signed message.
        message.Save("Signed.%OutputFileType%");
    }
}

Imports GemBox.Email
Imports System.Security.Cryptography.X509Certificates

Module Program

    Sub Main()

        ' If using the Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY")

        ' Load message from email file normally.
        Dim message = MailMessage.Load("%InputFileName%")

        ' Signing an already signed message would throw an exception!
        If message.IsSigned Then Return

        ' Load certificate data.
        Dim options As New DigitalSignatureOptions() With
        {
            .Certificate = New X509Certificate2("%InputDigitalId%", "GemBoxPassword"),
            .ClearSigned = True
        }

        ' Sign message as clear-signed.
        message.Sign(options)

        ' Save the signed message.
        message.Save("Signed.%OutputFileType%")

    End Sub

End Module

A signed MailMessage has some differences compared to a "normal" MailMessage that you should consider:

MailMessage.IsSigned will be set to true, and MailMessage.MessageSecurity will indicate the type of signature applied to this message.
Signed messages will be read-only. Changing the message's content (BodyText, BodyTextCharset, BodyHtml or Attachments) will result in an InvalidOperationException being thrown.
It will be possible to validate the message's signature or to unsign it.

To remove the signature or enable changing the content of a signed MailMessage it is necessary to call MailMessage.Unsign, which will remove the message's signature and it's read-only estate, exposing the content as a "normal" message. If necessary, it is also possible to re-sign the message.

If you call MailMessage.Unsign from an unsigned message, an InvalidOperationException being thrown.

The following example shows how to unsign a message.

C#
VB.NET

View on GitHub

using GemBox.Email;

class Program
{
    static void Main()
    {
        // If using the Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY");

        // Load message from email file normally.
        var message = MailMessage.Load("%InputFileName%");

        // To unsign a not-signed message would throw an exception!
        if (!message.IsSigned)
            return;

        message.Unsign();

        // Save the unsigned message.
        message.Save("Unsigned.%OutputFileType%");
    }
}

Imports GemBox.Email

Module Program

    Sub Main()

        ' If using the Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY")

        ' Load message from email file normally.
        Dim message = MailMessage.Load("%InputFileName%")

        ' To unsign a Not-signed message would throw an exception!
        If Not message.IsSigned Then Return

        message.Unsign()

        ' Save the unsigned message.
        message.Save("Unsigned.%OutputFileType%")

    End Sub

End Module

Next steps

GemBox.Email is a .NET component that enables you to read, write, receive, and send emails from your .NET applications using one simple API.

Download Buy

How to sign and unsign an email in C# and VB.NET

See also

Next steps