How to validate a signed email in C# and VB.NET
GemBox.Email enables you to validate signed (S/MIME) messages. It supports both clear-signed (multipart/signed) and opaque-signed (application/pkcs7-mime) formats according to the latest S/MIME standard RFC 8551.
After loading or creating a signed message, you can use MailMessage.ValidateSignature to verify that the signature is valid. Three conditions are necessary for this method to return true:
- MailMessage.IsSigned has to be true.
- The certificate data embedded into the signature has to still be considered valid. Certificates are valid from a specific date to another specific date, so the date when the file is being signed has to be within this range.
- The message's content has to be precisely the same as the one used to generate the signature.
Each email engine or application has a different set of rules for deciding whether a signature is valid, so an email that one platform considers valid or invalid can get a different result from this method. For example, on Windows, Outlook will warn about a problem with signatures created by certificates not associated with a trusted authority.

The following example shows how to load a signed file and check its signature. You can use the input file selector to see how it works for a file with a valid or an invalid signature.

using System;
using GemBox.Email;

class Program
{
    static void Main()
    {
        // If using the Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY");

        // Load message from email file normally.
        MailMessage message = MailMessage.Load("%InputFileName%");

        // Check if it's signed and validate signature.
        Console.WriteLine($"Is signed: {message.IsSigned}");
        Console.WriteLine($"Is valid: {message.ValidateSignature()}");
    }
}

Imports System
Imports GemBox.Email

Module Program

    Sub Main()

        ' If using the Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY")

        ' Load message from email file normally.
        Dim message = MailMessage.Load("%InputFileName%")

        ' Check if it's signed and validate signature.
        Console.WriteLine($"Is signed: {message.IsSigned}")
        Console.WriteLine($"Is valid: {message.ValidateSignature()}")
    End Sub
End Module

Types of signatures
There are two types of signatures applied to two types of emails: clear-signed messages (with a signature that contains only data about the certificate and signature) and opaque-signed messages (with a signature that includes data about the certificate, signature, and source content used to generate the signature).
Clear-signed messages maintain the email's content separate from the signature, which means that even if an application (like Outlook or Gmail) does not know how to deal with signed messages, it will at least be able to show the original content normally.
Opaque-signed messages merge the email's content and signature in a binary format, meaning that an application (like Outlook or Gmail) can only show the content if it knows how to deal with opaque-signed messages.
You can further experiment with S/MIME message signing and validation using a simple trick:
- Access the example on how to sign messages to generate a clear-signed .eml file;
- Open the file in any text editor, locate the body's content, add or remove any character in it and save the file;
- Open the file in Outlook and load it with GemBox.Email; both will consider it a valid signed email with an invalid signature.
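
The tamper experiment above, together with the earlier point that applications apply different validity rules, as an added example that is not GemBox.Email code and not part of the original page. It uses .NET's System.Security.Cryptography.Pkcs (assumed: .NET 6 or later with that NuGet package) to sign a constructed body part with a throwaway self-signed certificate and then check the detached signature three ways; the class name, certificate subject and message text are made up for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class DetachedSignatureDemo
{
    // Checks a detached CMS signature (the .p7s part of a clear-signed message)
    // against the content bytes. signatureOnly = false additionally validates the
    // signer's certificate chain against the machine's trust stores.
    static bool Verify(byte[] content, byte[] p7s, bool signatureOnly)
    {
        var cms = new SignedCms(new ContentInfo(content), detached: true);
        try
        {
            cms.Decode(p7s);
            cms.CheckSignature(signatureOnly);
            return true;
        }
        catch (CryptographicException)
        {
            return false;
        }
    }

    static void Main()
    {
        // Constructed signer: a throwaway self-signed certificate that no CA vouches for.
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest("CN=constructed-test-signer", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        // Constructed body part; a clear-signed message signs exactly these bytes.
        byte[] body = Encoding.ASCII.GetBytes("Content-Type: text/plain\r\n\r\nInvoice total: 100 EUR\r\n");
        var signed = new SignedCms(new ContentInfo(body), detached: true);
        signed.ComputeSignature(new CmsSigner(cert) { IncludeOption = X509IncludeOption.EndCertOnly });
        byte[] p7s = signed.Encode();

        // The text-editor experiment: one character of the body changes, the signature stays.
        byte[] tampered = Encoding.ASCII.GetBytes("Content-Type: text/plain\r\n\r\nInvoice total: 900 EUR\r\n");

        Console.WriteLine($"Original, signature only:   {Verify(body, p7s, true)}");
        Console.WriteLine($"Tampered, signature only:   {Verify(tampered, p7s, true)}");
        Console.WriteLine($"Original, with chain check: {Verify(body, p7s, false)}");
    }
}
```

Only the first check succeeds: the edited bytes no longer match the signed digest, and the self-signed certificate does not chain to a trusted root, which is the kind of condition Outlook warns about.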