Delphi - Sign Email (RSASSA-PSS + SHA256) and Encrypt Email (RSAES-OAEP + AES 128/196/256 + SHA256) Based on EDIFACT Rule - S/MIME

The following Delphi example codes demonstrate how to sign email to S/MIME format with digital signature (RSASSA-PSS + SHA256) and how to encrypt email with RSAES-OAEP + AES 128/192/256 + SHA256.

Installation

EASendMail is a SMTP component which supports all operations of SMTP/ESMTP protocols (RFC 821, RFC 822, RFC 2554). Before you can use the following example codes, you should download the EASendMail Installer and install it on your machine at first.

Add Reference

To use EASendMail SMTP ActiveX Object in your Delphi project, the first step is “Add Unit file of EASendMail to your project”. Please go to C:\Program Files\EASendMail\Include\delphi or C:\Program Files (x86)\EASendMail\Include\delphi folder, find EASendMailObjLib_TLB.pas, and then copy this file to your project folder.

unit Unit1;

interface
// include EASendMailObjLib_TLB unit to your Delphi Project
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, EASendMailObjLib_TLB, StdCtrls;

You can also create “EASendMailObjLib_TLB.pas” manually like this:

  • Delphi 7

    Please choose menu -> Project -> Import Type Library and select EASendMailObj ActiveX Object, click Create Unit, the reference of EASendMail ActiveX Object will be added to your project.

    add reference in Delphi
  • Delphi XE

    If you use Delphi XE to import the Type library, Please choose menu -> Component -> Import Component -> Import Type Library -> and select EASendMailObj ActiveX Object -> have Generate Component Wrapper checked -> Create Unit.

Then you can start to use it in your Delphi Project.

EDIFACT Rule in EUROPE

Latest EDIFACT requires RSA-SHA256 Signature Algorithm + RSASSA-PSS with SHA256 padding for digital signature, and AES128/192/256 Encrypting Algorithm + RSAES-OAEP + SHA256 Hash for email encryption.

EASendMail uses Windows built-in function to implement S/MIME, it supports RSASSA-PSS signature + SHA1 padding and AES + RSAES-OAEP, however it has a compatible problem with RSASSA-PSS signature defined in latest EDIFACT (SHA256 padding).

To comply with EDIFACT rule, we implemented an ActiveX Wrapper with Bouncy Castle library.

EASendMail ActiveX Object with Bouncy Castle

If you need to sign email with digital signature or encrypt email based on the rule of EDIFACT in EUROPE with EASendMail ActiveX Object, you should install an additional Bouncy Castle Wrapper ActiveX Object on your machine:

You can download it from: http://www.emailarchitect.net/webapp/download/BcWrapperObject.exe

To use this feature, it also requires .NET framework 2.0, 4.0 or 4.61 installed on the machine. Because .NET framework 2.0/4.0 is built-in feature in modern Windows operating system, so you don’t have to install .NET framework manually in most cases.

After you installed it on your machine, you can use the following codes to sign email based on the rule of EDIFACT.

Delphi - Sign Email with RSASSA-PSS + SHA256 - EDIFACT - S/MIME - Example

The following example codes demonstrate signing email based on EDIFACT rule - S/MIME. In order to run it correctly, please change SMTP server, user, password, sender, recipient value to yours.

Unit Unit1;

Interface

Uses
    Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
    Dialogs, StdCtrls, EASendMailObjLib_TLB; // add EASendMail Unit

Type
    TForm1 = Class(TForm)
        Button1: TButton;
        Procedure Button1Click(Sender: TObject);
    private
        { Private declarations }
    public
        { Public declarations }
    End;

Const
    CRYPT_MACHINE_KEYSET = 32;
    CRYPT_USER_KEYSET = 4096;
    CERT_SYSTEM_STORE_CURRENT_USER = 65536;
    CERT_SYSTEM_STORE_LOCAL_MACHINE = 131072;

    ConnectNormal = 0;
    ConnectSSLAuto = 1;
    ConnectSTARTTLS = 2;
    ConnectDirectSSL = 3;
    ConnectTryTLS = 4;

Var
    Form1: TForm1;

Implementation

{$R *.dfm}

Procedure TForm1.Button1Click(Sender: TObject);
Var
    oSmtp : TMail;
Begin
    oSmtp := TMail.Create(Application);
    oSmtp.LicenseCode := 'TryIt';

    // Set your sender email address
    oSmtp.FromAddr := 'test@emailarchitect.net';

    // Add recipient email address
    oSmtp.AddRecipientEx('support@emailarchitect.net', 0);

    // Set email subject
    oSmtp.Subject := 'test email from Delphi with digital signature';

    // Set body text
    oSmtp.BodyText := 'this is a test email sent from Delphi with digital signature';

    // Add digital signature
    If Not oSmtp.SignerCert.FindSubject('test@emailarchitect.net',
        CERT_SYSTEM_STORE_CURRENT_USER, 'my') Then
        Begin
        ShowMessage(oSmtp.SignerCert.GetLastError());
        exit;
        End;

    If Not oSmtp.SignerCert.HasCertificate Then
        Begin
        ShowMessage('Signer certificate has no private key, ' +
        'this certificate can not be used to sign email');
        End;

    // Use RSA-SHA256 signature, 0: sha1; 1: sha256; 2: sha384; 3: sha512;
    oSmtp.SignatureHashAlgorithm := 1;
    // Use Hash 256 RSASSA_PSS padding, 0: PSS is not used; 1: PSS with default; 2: PSS with signature hash algorithm;
    oSmtp.SignatureEncryptionAlgorithm := 2;

    // Your SMTP server address
    oSmtp.ServerAddr := 'smtp.emailarchitect.net';

    // User and password for ESMTP authentication, if your server doesn't require
    // user authentication, please remove the following codes
    oSmtp.UserName := 'test@emailarchitect.net';
    oSmtp.Password := 'testpassword';

    // ConnectTryTLS means if server supports SSL/TLS connection, SSL/TLS is used automatically
    oSmtp.ConnectType := ConnectTryTLS;

    // If your server uses 587 port
    // oSmtp.ServerPort := 587;

    // If your server uses 25/587/465 port with SSL/TLS
    // oSmtp.ConnectType := ConnectSSLAuto;
    // oSmtp.ServerPort := 587; // 25 or 587 or 465

    ShowMessage('start to send email ...');

    If oSmtp.SendMail() = 0 Then
        ShowMessage('email was sent successfully!')
    Else
        ShowMessage('failed to send email with the following error: '
        + oSmtp.GetLastErrDescription());

End;

End.

Note

RSASSA-PSS signature generated by Bouncy Castle is not verified by most email clients (outlook, firebird …), but it does meet the requirement in EDIFACT rule.

Delphi - Encrypt Email with RRSAES-OAEP + AES 128/192/256 + SHA256 - EDIFACT - S/MIME - Example

The following example codes demonstrate encrypting email message based on EDIFACT rule - S/MIME. In order to run it correctly, please change SMTP server, user, password, sender, recipient value to yours.

Unit Unit1;

Interface

Uses
    Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
    Dialogs, StdCtrls, EASendMailObjLib_TLB; // add EASendMail Unit

Type
    TForm1 = Class(TForm)
        Button1: TButton;
        Procedure Button1Click(Sender: TObject);
    private
        { Private declarations }
    public
        { Public declarations }
    End;

Const
    CRYPT_MACHINE_KEYSET = 32;
    CRYPT_USER_KEYSET = 4096;
    CERT_SYSTEM_STORE_CURRENT_USER = 65536;
    CERT_SYSTEM_STORE_LOCAL_MACHINE = 131072;

    ConnectNormal = 0;
    ConnectSSLAuto = 1;
    ConnectSTARTTLS = 2;
    ConnectDirectSSL = 3;
    ConnectTryTLS = 4;

Var
    Form1: TForm1;

Implementation

{$R *.dfm}

Procedure TForm1.Button1Click(Sender: TObject);
Var
    oSmtp : TMail;
    oEncryptCert : TCertificate;
Begin
    oSmtp := TMail.Create(Application);
    oSmtp.LicenseCode := 'TryIt';

    // Set your sender email address
    oSmtp.FromAddr := 'test@emailarchitect.net';

    // Add recipient email address
    oSmtp.AddRecipientEx('support@emailarchitect.net', 0);

    // Set email subject
    oSmtp.Subject := 'test encrypted email from Delphi with digital signature';

    // Set body text
    oSmtp.BodyText := 'this is a test encrypted email sent from Delphi with digital signature';

    // Find the encrypting certificate for every recipients
    oEncryptCert := TCertificate.Create(Application);
    If Not oEncryptCert.FindSubject('support@emailarchitect.net',
        CERT_SYSTEM_STORE_CURRENT_USER, 'AddressBook') Then
        If Not oEncryptCert.FindSubject('support@emailarchitect.net',
        CERT_SYSTEM_STORE_CURRENT_USER, 'my') Then
        Begin
        ShowMessage(oEncryptCert.GetLastError());
        exit;
        End;

    // Add encrypting certificate
    oSmtp.RecipientsCerts.Add(oEncryptCert.DefaultInterface);

    // Use AES128 encrypting algorithm, 4: AES128; 5: AES192; 6: AES256;
    oSmtp.EncryptionAlgorithm := 4;
    // Use  RAES-OAEP with sha-256 hash algorithm, 0: sha1; 1: sha256; 2: sha384; 3: sha512;
    oSmtp.OaepHashAlgorithm := 1;

    // Your SMTP server address
    oSmtp.ServerAddr := 'smtp.emailarchitect.net';

    // User and password for ESMTP authentication, if your server doesn't require
    // user authentication, please remove the following codes
    oSmtp.UserName := 'test@emailarchitect.net';
    oSmtp.Password := 'testpassword';

    // ConnectTryTLS means if server supports SSL/TLS connection, SSL/TLS is used automatically
    oSmtp.ConnectType := ConnectTryTLS;

    // If your server uses 587 port
    // oSmtp.ServerPort := 587;

    // If your server uses 25/587/465 port with SSL/TLS
    // oSmtp.ConnectType := ConnectSSLAuto;
    // oSmtp.ServerPort := 587; // 25 or 587 or 465

    ShowMessage('start to send email ...');

    If oSmtp.SendMail() = 0 Then
        ShowMessage('email was sent successfully!')
    Else
        ShowMessage('failed to send email with the following error: '
        + oSmtp.GetLastErrDescription());

End;

End.

Delphi - Sign Email with RSASSA-PSS + SHA256 and Encrypt Email with RRSAES-OAEP + AES 128/192/256 + SHA256 - EDIFACT - S/MIME - Example

The following example codes demonstrate signing and encrypting email message based on EDIFACT rule - S/MIME. In order to run it correctly, please change SMTP server, user, password, sender, recipient value to yours.

Unit Unit1;

Interface

Uses
    Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
    Dialogs, StdCtrls, EASendMailObjLib_TLB; // add EASendMail Unit

Type
    TForm1 = Class(TForm)
        Button1: TButton;
        Procedure Button1Click(Sender: TObject);
    private
        { Private declarations }
    public
        { Public declarations }
    End;

Const
    CRYPT_MACHINE_KEYSET = 32;
    CRYPT_USER_KEYSET = 4096;
    CERT_SYSTEM_STORE_CURRENT_USER = 65536;
    CERT_SYSTEM_STORE_LOCAL_MACHINE = 131072;

    ConnectNormal = 0;
    ConnectSSLAuto = 1;
    ConnectSTARTTLS = 2;
    ConnectDirectSSL = 3;
    ConnectTryTLS = 4;

Var
    Form1: TForm1;

Implementation

{$R *.dfm}

Procedure TForm1.Button1Click(Sender: TObject);
Var
    oSmtp : TMail;
    oEncryptCert : TCertificate;
Begin
    oSmtp := TMail.Create(Application);
    oSmtp.LicenseCode := 'TryIt';

    // Set your sender email address
    oSmtp.FromAddr := 'test@emailarchitect.net';

    // Add recipient email address
    oSmtp.AddRecipientEx('support@emailarchitect.net', 0);

    // Set email subject
    oSmtp.Subject := 'test encrypted email from Delphi with digital signature';

    // Set body text
    oSmtp.BodyText := 'this is a test encrypted email sent from Delphi with digital signature';

    // Add digital signature
    If Not oSmtp.SignerCert.FindSubject('test@emailarchitect.net',
        CERT_SYSTEM_STORE_CURRENT_USER, 'my') Then
        Begin
        ShowMessage(oSmtp.SignerCert.GetLastError());
        exit;
        End;

    If Not oSmtp.SignerCert.HasCertificate Then
        Begin
        ShowMessage('Signer certificate has no private key, ' +
        'this certificate can not be used to sign email');
        End;

    // Use RSA-SHA256 signature, 0: sha1; 1: sha256; 2: sha384; 3: sha512;
    oSmtp.SignatureHashAlgorithm := 1;
    // Use Hash 256 RSASSA_PSS padding, 0: PSS is not used; 1: PSS with default; 2: PSS with signature hash algorithm;
    oSmtp.SignatureEncryptionAlgorithm := 2;

    // Find the encrypting certificate for every recipients
    oEncryptCert := TCertificate.Create(Application);
    If Not oEncryptCert.FindSubject('support@emailarchitect.net',
        CERT_SYSTEM_STORE_CURRENT_USER, 'AddressBook') Then
        If Not oEncryptCert.FindSubject('support@emailarchitect.net',
        CERT_SYSTEM_STORE_CURRENT_USER, 'my') Then
        Begin
        ShowMessage(oEncryptCert.GetLastError());
        exit;
        End;

    // Add encrypting certificate
    oSmtp.RecipientsCerts.Add(oEncryptCert.DefaultInterface);

    // Use AES128 encrypting algorithm, 4: AES128; 5: AES192; 6: AES256;
    oSmtp.EncryptionAlgorithm := 4;
    // Use  RAES-OAEP with sha-256 hash algorithm, 0: sha1; 1: sha256; 2: sha384; 3: sha512;
    oSmtp.OaepHashAlgorithm := 1;

    // Your SMTP server address
    oSmtp.ServerAddr := 'smtp.emailarchitect.net';

    // User and password for ESMTP authentication, if your server doesn't require
    // user authentication, please remove the following codes
    oSmtp.UserName := 'test@emailarchitect.net';
    oSmtp.Password := 'testpassword';

    // ConnectTryTLS means if server supports SSL/TLS connection, SSL/TLS is used automatically
    oSmtp.ConnectType := ConnectTryTLS;

    // If your server uses 587 port
    // oSmtp.ServerPort := 587;

    // If your server uses 25/587/465 port with SSL/TLS
    // oSmtp.ConnectType := ConnectSSLAuto;
    // oSmtp.ServerPort := 587; // 25 or 587 or 465

    ShowMessage('start to send email ...');

    If oSmtp.SendMail() = 0 Then
        ShowMessage('email was sent successfully!')
    Else
        ShowMessage('failed to send email with the following error: '
        + oSmtp.GetLastErrDescription());

End;

End.

TLS 1.2 Protocol

TLS is the successor of SSL, more and more SMTP servers require TLS 1.2 encryption now.

If your operating system is Windows XP/Vista/Windows 7/Windows 2003/2008/2008 R2/2012/2012 R2, you need to enable TLS 1.2 protocol in your operating system like this:

Enable TLS 1.2 on Windows XP/Vista/7/10/Windows 2008/2008 R2/2012

32bit/x64 ActiveX DLL

Seperate builds of run-time dll for 32 and x64 platform

File Platform
Installation Path\Lib\native\x86\EASendMailObj.dll 32 bit
Installation Path\Lib\native\x64\EASendMailObj.dll 64 bit

Distribution

  • Standard EXE

    For VB6, C++, Delphi or other standard exe application, you can distribute EASendMailObj.dll with your application to target machine without COM-registration and installer. To learn more detail, please have a look at Registration-free COM with Manifest File.

  • Script

    For ASP, VBScript, VBA, MS SQL Stored Procedure, you need to install EASendMail on target machine by EASendMail installer, both 32bit/x64 DLL are installed and registered.

Appendix

Comments

If you have any comments or questions about above example codes, please click here to add your comments.