How to validate a signed email in C# and VB.NET

GemBox.Email enables you to validate signed (S/MIME) messages. It supports both clear-signed (multipart/signed) and opaque-signed (application/pkcs7-mime) formats according to the latest S/MIME standard RFC 8551.

After loading or creating a signed message, it is possible to use MailMessage.ValidateSignature to verify it the signature is valid. There are three conditions that are necessary for this method to return true:

  • MailMessage.IsSigned has to be true.
  • The certificate data embedded into the signature has to still be considered valid. Certificates are valid from a specific date to another specific date, so the date when the file is being signed has to be within this range.
  • The message's content has to be precisely the same as the one used to generate the signature.

Each email engine or application have a different set of rules to consider a signature valid or not, so an email that is considered valid or invalid in some platform can have a different result with this method. For example: on Windows, Outlook will warn a problem with signatures created by certificates not associated with a trusted authority.

Image showing a valid signed and an invalid signed email on Outlook
Example of signed emails with valid and invalid signature displayed on outlook

The following example shows how to load a signed file and check its signature. You can use the input file selector to see how it works for valid or invalid signature file.

Upload your file (Drag file here)
using System;
using GemBox.Email;

class Program
{
    static void Main()
    {
        // If using Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY");

        // Load message from email file normally.
        MailMessage message = MailMessage.Load("%InputFileName%");

        // Check if it's signed and validate signature.
        Console.WriteLine($"Is signed: {message.IsSigned}");
        Console.WriteLine($"Is valid: {message.ValidateSignature()}");
    }
}
Imports System
Imports GemBox.Email

Module Program

    Sub Main()

        ' If using Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY")

        ' Load message from email file normally.
        Dim message = MailMessage.Load("%InputFileName%")

        ' Check if it's signed and validate signature.
        Console.WriteLine($"Is signed: {message.IsSigned}")
        Console.WriteLine($"Is valid: {message.ValidateSignature()}")

    End Sub

End Module

Types of signatures

There are two types of signatures applied to two types of emails: clear-signed messages (with a signature that contains only data about the certificate and signature) and opaque-signed messages (with a signature that includes data about the certificate, signature, and source content used to generate the signature).

Clear-signed messages maintain the email's content separate from the signature, which means that even if an application (like Outlook or Gmail) does not know how to deal with signed messages, it will at least be able to show the original content normally.

Opaque-signed messages merge the email's content and signature in a binary format, meaning that an application (like Outlook or Gmail) can only show the content if it knows how to deal with opaque-signed messages.

You can further experiment with S/MIME message signing and validation using a simple trick:

  • Access the example on how to sign messages to generate a clear-signed .eml file;
  • Open the file in any text editor, locate the body's content, add or remove any character in it and save the file;
  • Open the file on Outlook and load it with GemBox.Email, both will consider it a valid signed email with an invalid signature.

See also


Next steps

GemBox.Email is a .NET component that enables you to read, write, receive, and send emails from your .NET applications using one simple API.

Download Buy