Verify Digital Signature and Decrypt Email in Delphi - S/MIME

In previous section, I introduced how to parse email. In this section, I will introduce how to verify digital signature and decrypt email in Delphi.

Introduction

How to sign email?

Digital signature is always signed by sender certificate. The certificate used to sign email content MUST have the public/private key pair.

First of all, the user MUST get a digital certificate for personal email protection from third-party certificate authorities such as www.verisign.com.

After the certificate is installed on the machine, it can be viewed by Control Panel -> Internet Options -> Content -> Certificates -> Personal. When you view the certificate, please note there is a line “You have a private key that corresponds to this certificate” in the certificate view, that means you are able to use this certificate to sign email content. If this line doesn’t appear, that means you are unable to sign the email content by this certificate.

To sign email content, please refer to EASendMail SMTP Component.

How to encrypt email?

Encrypting email doesn’t require sender certificate but the certificate with public key for every recipient.

For example: from@adminsystem.com sends an email to rcpt@adminsystem.com with digital signature; The digital signature contains the public key certificate for from@adminsystem.com, then rcpt@adminsystem.com can send an encrypted email with this certificate back to from@adminsystem.com; Only from@adminsystem can read this email, because this email MUST be decrypted by private key of from@adminsystem.com.

Therefore, you MUST receive an digital signed email from other people (Most email clients such as outlook, outlook express will add the certificate to the Other People Storage automatically once an digital signed email is received) before you can send encrypted email to this people.

To encrypt email, please refer to EASendMail SMTP Component.

EAGetMail Mail class provides an easy way to verify the email digital signature and get the signer certificate. The signer certificate only contains the public key, that means you can add this certificate to your user certificate storage so that you can use this certificate to encrypt email and send the encrypted email back to the sender, only the sender can decrypt the email.

Note

Remarks: All of examples in this section are based on first section: A simple Delphi project. To compile and run the following example codes successfully, please click here to learn how to create the test project and add reference to your project.

[Delphi Example - Verify digital signature and decrypt email]

The following example codes demonstrate how to use EAGetMail POP3 component to verify digital signature and decrypt email.

Note

To get the full sample projects, please refer to Samples section.

unit Unit1;

interface

uses
    Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
    Dialogs, StdCtrls, EAGetMailObjLib_TLB; // Add EAGetMail unit

type
    TForm1 = class(TForm)
        Button1: TButton;
        procedure Button1Click(Sender: TObject);
        procedure ParseEmail( fileName: WideString );
    private
        { Private declarations }
    public
        { Public declarations }
    end;

const
    MailServerPop3 = 0;
    MailServerImap4 = 1;

    CRYPT_MACHINE_KEYSET = 32;
    CRYPT_USER_KEYSET = 4096;
    CERT_SYSTEM_STORE_CURRENT_USER = 65536;
    CERT_SYSTEM_STORE_LOCAL_MACHINE = 131072;

var
    Form1: TForm1;

implementation

{$R *.dfm}
procedure TForm1.ParseEmail( fileName: WideString );
var
    oMail: TMail;
    i, UBound: integer;
    addrs, atts: OleVariant;
    addr: IMailAddress;
    att: IAttachment;
    oCert: TCertificate;
    oSignerCert: ICertificate;
begin
    oMail := TMail.Create(Application);
    oMail.LicenseCode := 'TryIt';
    oMail.LoadFile(fileName, false);
    ShowMessage(oMail.Headers.GetValueOfKey('Content-Type'));
    if oMail.IsEncrypted then
    try
        // this email is encrypted, decrypt it by default user certificate
        oMail.ConnectTo(oMail.Decrypt(nil));
        // You can also use specified certificate like this
        // oCert := TCertificate.Create(Application);
        // oCert.LoadFromFile( 'c:\test.pfx', 'pfxpassword', CRYPT_USER_KEYSET );
        // oMail.Load(oMail.Decrypt(oCert.DefaultInterface).Content);
    except
        on ep: Exception do
        begin
            ShowMessage('Decrypt Error: ' + ep.Message );
        end;
    end;

    if oMail.IsSigned then
    try
        // this email is digital signed, verify signature
        oSignerCert := oMail.VerifySignature();
        ShowMessage( 'This email contains a valid digital signature.' );
        // You can add the certificate to your certificate storage like this
        // oSignerCert.AddToStore(CERT_SYSTEM_STORE_CURRENT_USER,
        //    'addressbook');
        //  Then you can use send the encrypted email back to this sender.
    except
        on ep: Exception do
        begin
            ShowMessage('Verify signature Error: ' + ep.Message );
        end;
    end;


    // Parse email sender
    ShowMessage( 'From: ' + oMail.From.Address );

    // Parse email to recipients
    addrs := oMail.ToAddr;
    UBound := VarArrayHighBound( addrs, 1 );
    for i := 0 to UBound do
    begin
        addr := IDispatch(VarArrayGet(addrs, i)) as IMailAddress;
        ShowMessage( 'To: ' + addr.Address );
    end;

    // Parse email cc recipients
    addrs := oMail.Cc;
    UBound := VarArrayHighBound( addrs, 1 );
    for i := 0 to UBound do
    begin
        addr := IDispatch(VarArrayGet(addrs, i)) as IMailAddress;
        ShowMessage( 'Cc: ' + addr.Address );
    end;

    // Parse email subject
    ShowMessage( 'Subject: ' + oMail.Subject );

    // Parse email text body
    ShowMessage( 'Text body: ' + oMail.TextBody );

    // Parse email HTML body
    ShowMessage( 'HTML body: ' + oMail.HtmlBody );

    // Parse attachment
    atts := oMail.Attachments;
    UBound := VarArrayHighBound( atts, 1 );
    for i := 0 to UBound do
    begin
        att := IDispatch(VarArrayGet(atts,i)) as IAttachment;
        ShowMessage( att.Name );
    end;

end;

procedure TForm1.Button1Click(Sender: TObject);
var
    oTools: TTools;
    files: OleVariant;
    fileName: WideString;
    i, UBound: integer;
    mailFolder: WideString;
begin
    try
        oTools := TTools.Create(Application);

        // Create a folder named "inbox" under
        // current directory to store the email files
        mailFolder := GetCurrentDir() + '\inbox';
        oTools.CreateFolder(mailFolder);

        // Get all *.eml files in specified folder and parse it one by one
        files := oTools.GetFiles(mailFolder + '\*.eml');
        UBound := VarArrayHighBound( files, 1 );
        for i := 0 to UBound do
        begin
            fileName := VarArrayGet(files, i);
            ParseEmail(fileName);
        end;

    except
        on ep:Exception do
        ShowMessage( 'Error: ' + ep.Message );
    end;

end;

end.

Next Section

At next section I will introduce how to parse MAPI winmail.dat (TNEF/MAPI) attachment.

Appendix

Comments

If you have any comments or questions about above example codes, please click here to add your comments.