Delphi - Encrypt email - S/MIME¶

The following delphi example codes demonstrate how to encrypt email to S/MIME format with digital signature.

Email Encryption

After the recipient received your email with digital signature, the recipient can get your digital certificate public key from your digital signature. Then the recipient can encrypt an email with your public key and send it to you. Only you can decrypt this email with your private key. That is how S/MIME can protect your email content. If you don’t expose your digital certificate private key to others, none can read your email which is encrypted by your public key.

If you received an email with digital signature, your email client usually stores the public key of the sender in “Control Panel” -> “Internet Options” -> “Content” -> “Certificates” -> “Other People”.

Then you can use the following code to encrypt email and send it to your recipient.

Sections:

Installation
Add reference
Delphi - Encrypt email - S/MIME - example
Encryption algorithm
TLS 1.2 protocol
32bit/x64 ActiveX DLL
Distribution

Installation¶

EASendMail is a SMTP component which supports all operations of SMTP/ESMTP protocols (RFC 821, RFC 822, RFC 2554). Before you can use the following example codes, you should download the EASendMail Installer and install it on your machine at first.

Add reference¶

To use EASendMail SMTP ActiveX Object in your Delphi project, the first step is “Add Unit file of EASendMail to your project”. Please go to C:\Program Files\EASendMail\Include\delphi or C:\Program Files (x86)\EASendMail\Include\delphi folder, find EASendMailObjLib_TLB.pas, and then copy this file to your project folder.

unit Unit1;

interface
// include EASendMailObjLib_TLB unit to your Delphi Project
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, EASendMailObjLib_TLB, StdCtrls;

You can also create “EASendMailObjLib_TLB.pas” manually like this:

Delphi 7

Please choose menu -> Project -> Import Type Library and select EASendMailObj ActiveX Object, click Create Unit, the reference of EASendMail ActiveX Object will be added to your project.
Delphi XE

If you use Delphi XE to import the Type library, Please choose menu -> Component -> Import Component -> Import Type Library -> and select EASendMailObj ActiveX Object -> have Generate Component Wrapper checked -> Create Unit.

Then you can start to use it in your Delphi Project.

Delphi - Encrypt email - S/MIME - example¶

The following example codes demonstrate encrypting email message with digital signature - S/MIME. In order to run it correctly, please change SMTP server, user, password, sender, recipient value to yours.

Note

To get full sample projects, please download and install EASendMail on your machine.

Unit Unit1;

Interface

Uses
    Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
    Dialogs, StdCtrls, EASendMailObjLib_TLB; // add EASendMail Unit

Type
    TForm1 = Class(TForm)
        Button1: TButton;
        Procedure Button1Click(Sender: TObject);
    private
        { Private declarations }
    public
        { Public declarations }
    End;

Const
    CRYPT_MACHINE_KEYSET = 32;
    CRYPT_USER_KEYSET = 4096;
    CERT_SYSTEM_STORE_CURRENT_USER = 65536;
    CERT_SYSTEM_STORE_LOCAL_MACHINE = 131072;

    ConnectNormal = 0;
    ConnectSSLAuto = 1;
    ConnectSTARTTLS = 2;
    ConnectDirectSSL = 3;
    ConnectTryTLS = 4;

Var
    Form1: TForm1;

Implementation

{$R *.dfm}

Procedure TForm1.Button1Click(Sender: TObject);
Var
    oSmtp : TMail;
    oEncryptCert : TCertificate;
Begin
    oSmtp := TMail.Create(Application);
    oSmtp.LicenseCode := 'TryIt';

    // Set your sender email address
    oSmtp.FromAddr := 'test@emailarchitect.net';

    // Add recipient email address
    oSmtp.AddRecipientEx('support@emailarchitect.net', 0);

    // Set email subject
    oSmtp.Subject := 'test encrypted email from Delphi with digital signature';

    // Set body text
    oSmtp.BodyText := 'this is a test encrypted email sent from Delphi with digital signature';

    // Add digital signature
    If Not oSmtp.SignerCert.FindSubject('test@emailarchitect.net',
        CERT_SYSTEM_STORE_CURRENT_USER, 'my') Then
        Begin
        ShowMessage(oSmtp.SignerCert.GetLastError());
        exit;
        End;

    If Not oSmtp.SignerCert.HasCertificate Then
        Begin
        ShowMessage('Signer certificate has no private key, ' +
        'this certificate can not be used to sign email');
        End;

    // Find the encrypting certificate for every recipients
    oEncryptCert := TCertificate.Create(Application);
    If Not oEncryptCert.FindSubject('support@emailarchitect.net',
        CERT_SYSTEM_STORE_CURRENT_USER, 'AddressBook') Then
        If Not oEncryptCert.FindSubject('support@emailarchitect.net',
        CERT_SYSTEM_STORE_CURRENT_USER, 'my') Then
        Begin
        ShowMessage(oEncryptCert.GetLastError());
        exit;
        End;

    // Add encrypting certificate
    oSmtp.RecipientsCerts.Add(oEncryptCert.DefaultInterface);

    // Your SMTP server address
    oSmtp.ServerAddr := 'smtp.emailarchitect.net';

    // User and password for ESMTP authentication, if your server doesn't require
    // user authentication, please remove the following codes
    oSmtp.UserName := 'test@emailarchitect.net';
    oSmtp.Password := 'testpassword';

    // ConnectTryTLS means if server supports SSL/TLS connection, SSL/TLS is used automatically
    oSmtp.ConnectType := ConnectTryTLS;

    // If your server uses 587 port
    // oSmtp.ServerPort := 587;

    // If your server uses 25/587/465 port with SSL/TLS
    // oSmtp.ConnectType := ConnectSSLAuto;
    // oSmtp.ServerPort := 587; // 25 or 587 or 465

    ShowMessage('start to send email ...');

    If oSmtp.SendMail() = 0 Then
        ShowMessage('email was sent successfully!')
    Else
        ShowMessage('failed to send email with the following error: '
        + oSmtp.GetLastErrDescription());

End;

End.

Encryption algorithm¶

You can use EncryptionAlgorithm property to set RC2, RC4, 3DES, AES128, AES192 or AES256 encryption algorithm. RSAES-OAEP (AES128, AES192 and AES256) is recommended.

RSA-OAEP Encryption with SHA256 HASH

If you need to use RSA-OAEP encryption with sha256 scheme, please have a look at this topic:

RSASSA-PSS + RSA-OAEP Encryption with SHA256

TLS 1.2 protocol¶

TLS is the successor of SSL, more and more SMTP servers require TLS 1.2 encryption now.

If your operating system is Windows XP/Vista/Windows 7/Windows 2003/2008/2008 R2/2012/2012 R2, you need to enable TLS 1.2 protocol in your operating system like this:

Enable TLS 1.2 on Windows XP/Vista/7/10/Windows 2008/2008 R2/2012

32bit/x64 ActiveX DLL¶

Seperate builds of run-time dll for 32 and x64 platform

File	Platform
Installation Path\Lib\native\x86\EASendMailObj.dll	32 bit
Installation Path\Lib\native\x64\EASendMailObj.dll	64 bit

Distribution¶

Standard EXE

For VB6, C++, Delphi or other standard exe application, you can distribute EASendMailObj.dll with your application to target machine without COM-registration and installer. To learn more detail, please have a look at Registration-free COM with Manifest File.
Script

For ASP, VBScript, VBA, MS SQL Stored Procedure, you need to install EASendMail on target machine by EASendMail installer, both 32bit/x64 DLL are installed and registered.

Tutorial Index