Delphi - Verify digital signature and decrypt email - S/MIME

The following Delphi code demonstrates how to verify an S/MIME digital signature and decrypt an encrypted email.

How to sign email?

A digital signature is always created with the sender's certificate. The certificate used to sign email content MUST have the public/private key pair.

First of all, the user MUST get a digital certificate for personal email protection from third-party certificate authorities such as

After the certificate is installed on the machine, it can be viewed in Control Panel -> Internet Options -> Content -> Certificates -> Personal. When you view the certificate, look for the line “You have a private key that corresponds to this certificate” in the certificate view; it means you are able to use this certificate to sign email content. If this line doesn’t appear, you are unable to sign email content with this certificate.

To sign email content, please refer to EASendMail SMTP Component.

How to encrypt email?

Encrypting email doesn’t require the sender's certificate; it requires a certificate with the public key for every recipient.

For example: sends an email to with digital signature; The digital signature contains the public key certificate for, then can send an encrypted email with this certificate back to; Only from@adminsystem can read this email, because this email MUST be decrypted by private key of

Therefore, you MUST receive a digitally signed email from another person before you can send encrypted email to that person. (Most email clients, such as Outlook and Outlook Express, add the certificate to the Other People storage automatically once a digitally signed email is received.)

To encrypt email, please refer to EASendMail SMTP Component.

The EAGetMail Mail class provides an easy way to verify the email digital signature and get the signer certificate. The signer certificate only contains the public key, so you can add this certificate to your user certificate storage and use it to encrypt email and send the encrypted email back to the sender; only the sender can decrypt the email.
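
The key roles described above (the sender's private key signs, the recipient's public certificate encrypts, only the matching private key decrypts), run end to end with the openssl command-line tool. This is an added example, not EAGetMail or EASendMail code; the identities, addresses, file names and messages are constructed, and the self-signed certificates are trusted directly with -CAfile only because the demo has no certificate authority.

```shell
#!/bin/sh
# Added example, not from the original page: S/MIME key roles with the openssl
# CLI. Identities, addresses, file names and messages are constructed.
set -eu
cd "$(mktemp -d)"

# Self-signed certificate plus private key for one constructed identity.
make_id() {        # $1 = name, $2 = e-mail address
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/emailAddress=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}
# Signing needs the sender's certificate AND the matching private key.
sign_mail() {      # $1 = signer name, $2 = input file, $3 = output .eml
    openssl smime -sign -in "$2" -signer "$1.crt" -inkey "$1.key" -out "$3"
}
# Verifying needs no private key. -signer saves the certificate carried in the
# signature; the content goes to <file>.out. Trusting the self-signed cert via
# -CAfile stands in for a real CA chain (demo assumption).
verify_mail() {    # $1 = .eml, $2 = trusted cert, $3 = file for signer cert
    openssl smime -verify -in "$1" -CAfile "$2" -signer "$3" -out "$1.out" 2>/dev/null
}
# Encrypting needs only the recipient's public certificate.
encrypt_mail() {   # $1 = input file, $2 = recipient cert, $3 = output .eml
    openssl smime -encrypt -aes256 -in "$1" -out "$3" "$2"
}
# Decrypting needs the private key matching the recipient certificate.
decrypt_mail() {   # $1 = .eml, $2 = key holder name, $3 = output file
    openssl smime -decrypt -in "$1" -recip "$2.crt" -inkey "$2.key" -out "$3" 2>/dev/null
}

make_id alice alice@example.test
make_id bob bob@example.test
printf 'Meeting moved to Friday.\n' > msg.txt
printf 'Confirmed, see you Friday.\n' > reply.txt

sign_mail alice msg.txt signed.eml                    # Alice -> Bob, signed
verify_mail signed.eml alice.crt alice_from_sig.crt   # Bob verifies, keeps cert
encrypt_mail reply.txt alice_from_sig.crt enc.eml     # Bob -> Alice, encrypted
decrypt_mail enc.eml alice reply_out.txt              # Alice reads the reply

# Failure modes: altered content and the wrong private key are both rejected.
sed 's/Friday/Monday/' signed.eml > tampered.eml
verify_mail tampered.eml alice.crt ignored.crt || echo "tampered mail: signature invalid"
decrypt_mail enc.eml bob leaked.txt || echo "bob's key: cannot decrypt"
```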


Before you can use the following sample code, download the EAGetMail Installer and install it on your machine. Full sample projects are included in this installer.

Add reference

To better demonstrate how to retrieve and parse email, first create a Delphi Standard EXE project, then add a TButton to the Form and double-click this button.

To use EAGetMail ActiveX Object in your Delphi project, the first step is “Add Unit file of EAGetMail to your project”. Please go to C:\Program Files\EAGetMail\Include\delphi or C:\Program Files (x86)\EAGetMail\Include\delphi folder, find EAGetMailObjLib_TLB.pas, and then copy this file to your project folder.

// include EAGetMailObjLib_TLB unit to your Delphi Project
unit Unit1;

interface

uses
    Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
    Dialogs, EAGetMailObjLib_TLB, StdCtrls;

Then you can start to use it in your Delphi Project.

You can also create EAGetMailObjLib_TLB.pas manually by Delphi like this:

  • Delphi 7 or earlier version

    First of all, create a standard Delphi project: select menu Project -> Import Type Library, check EAGetMail ActiveX Object and click Create Unit. Then include EAGetMailObjLib_TLB in your project.

  • Delphi XE or later version

    First of all, create a standard Delphi project: select menu Component -> Import component... -> Import a type library -> check EAGetMail ActiveX Object, keep Generate Component Wrapper checked and click “Create Unit”. Then include EAGetMailObjLib_TLB in your project.

Delphi - Verify digital signature and decrypt email - S/MIME - example

The following example code demonstrates parsing S/MIME email: digital signature verification and decryption. To run it correctly, change the email server, user, password, folder and file name values to yours.


To get full sample projects, please download and install EAGetMail on your machine.

unit Unit1;

interface

uses
    Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
    Dialogs, StdCtrls, EAGetMailObjLib_TLB;

type
    TForm1 = class(TForm)
        Button1: TButton;
        procedure Button1Click(Sender: TObject);
    private
        { Private declarations }
        procedure ParseEmail(fileName: WideString);
    public
        { Public declarations }
    end;

const
    // Windows CryptoAPI values used by the commented-out calls below
    CRYPT_USER_KEYSET = 4096;
    CERT_SYSTEM_STORE_CURRENT_USER = 65536;

var
    Form1: TForm1;

implementation

{$R *.dfm}

procedure TForm1.ParseEmail(fileName: WideString);
var
    oMail: TMail;
    i: Integer;

    addrs: IAddressCollection;
    addr: IMailAddress;

    atts: IAttachmentCollection;
    att: IAttachment;

    oCert: TCertificate;
    oSignerCert: ICertificate;
begin
    oMail := TMail.Create(Application);
    oMail.LicenseCode := 'TryIt';
    oMail.LoadFile(fileName, false);

    if oMail.IsEncrypted then
    begin
        try
            // this email is encrypted, decrypt it by default user certificate
            // You can also use specified certificate like this
            // oCert := TCertificate.Create(Application);
            // oCert.LoadFromFile('c:\test.pfx', 'pfxpassword', CRYPT_USER_KEYSET);
            // oMail.Load(oMail.Decrypt(oCert.DefaultInterface).Content);
            oMail.Load(oMail.Decrypt(nil).Content);
        except
            on ep: Exception do
                ShowMessage('Decrypt Error: ' + ep.Message);
        end;
    end;

    if oMail.IsSigned then
    begin
        try
            // this email is digitally signed, verify signature;
            // a failed verification is reported through the exception handler
            oSignerCert := oMail.VerifySignature();
            ShowMessage('This email contains a valid digital signature.');

            // You can add the certificate to your certificate storage like this
            // oSignerCert.AddToStore(CERT_SYSTEM_STORE_CURRENT_USER,
            // 'addressbook');
            // Then you can send the encrypted email back to this sender.
        except
            on ep: Exception do
                ShowMessage('Verify signature Error: ' + ep.Message);
        end;
    end;

    // Parse email sender
    ShowMessage('From: ' + oMail.From.Address);

    // Parse email to recipients
    addrs := oMail.ToList;
    for i := 0 To addrs.Count - 1 do
    begin
        addr := addrs.Item[i];
        ShowMessage('To: ' + addr.Address);
    end;

    // Parse email cc recipients
    addrs := oMail.CcList;
    for i := 0 To addrs.Count - 1 do
    begin
        addr := addrs.Item[i];
        ShowMessage('Cc: ' + addr.Address);
    end;

    // Parse email subject
    ShowMessage('Subject: ' + oMail.Subject);

    // Parse email text body
    ShowMessage('Text body: ' + oMail.TextBody);

    // Parse email HTML body
    ShowMessage('HTML body: ' + oMail.HtmlBody);

    // Parse attachment
    atts := oMail.AttachmentList;
    for i := 0 To atts.Count - 1 do
    begin
        att := atts.Item[i];
        ShowMessage('Attachment: ' + att.Name);
    end;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
    try
        ParseEmail('c:\test folder\test.eml');
    except
        on ep: Exception do
            ShowMessage('Error: ' + ep.Message);
    end;
end;

end.


32bit/x64 ActiveX DLL

Separate builds of the run-time DLL for the 32 bit and x64 platforms

File                                                Platform
Installation Path\Lib\native\x86\EAGetMailObj.dll   32 bit
Installation Path\Lib\native\x64\EAGetMailObj.dll   64 bit


  • Standard EXE

    For VB6, C++, Delphi or other standard exe applications, you can distribute EAGetMailObj.dll with your application to the target machine without COM registration or an installer. For more detail, see Registration-free COM with Manifest File.

  • Script

    For ASP, VBScript, VBA and MS SQL Stored Procedure, you need to install EAGetMail on the target machine with the EAGetMail installer; both the 32bit and x64 DLLs are installed and registered.


