VB.NET - Encrypt email - S/MIME¶
The following vb.net example codes demonstrate how to encrypt email to S/MIME format with digital signature.
Email Encryption
After the recipient received your email with digital signature, the recipient can get your digital certificate public key from your digital signature. Then the recipient can encrypt an email with your public key and send it to you. Only you can decrypt this email with your private key. That is how S/MIME can protect your email content. If you don’t expose your digital certificate private key to others, none can read your email which is encrypted by your public key.
If you received an email with digital signature, your email client usually stores the public key of the sender in “Control Panel” -> “Internet Options” -> “Content” -> “Certificates” -> “Other People”.
Then you can use the following code to encrypt email and send it to your recipient.
Sections:
Installation¶
Before you can use the following codes, please download EASendMail SMTP Component and install it on your machine at first. Full sample proejcts are included in this installer.
Install from NuGet
You can also install the run-time assembly by NuGet. Run the following command in the NuGet Package Manager Console:
Install-Package EASendMail
Note
If you install it by NuGet, no sample projects are installed, only .NET assembly is installed.
Add reference¶
To use EASendMail SMTP Component in your project, the first step is Add reference
of EASendMail to your project. Please create or open your project with Visual Studio,
then go to menu -> Project -> Add Reference -> .NET -> Browse..., and select
Installation Path\Lib\net[version]\EASendMail.dll from your disk, click Open -> OK, the reference of EASendMail
will be added to your project, and you can start to use it to send email
in your project.
.NET assembly¶
Because EASendMail has separate builds for .Net Framework, please refer to the following table and choose the correct dll.
Separate builds of run-time assembly for .NET Framework 2.0, 3.5, 4.0, 4.5, 4.6.1, 4.7.2, 4.8.1, .NET 5.0, .NET 6.0, .NET 7.0, .NET 8.0, .NET Standard 2.0 and .NET Compact Framework 2.0, 3.5.
| File | .NET Framework Version |
| Lib\[net20|40|45|461|472|481]\EASendMail.dll |
Built with .NET Framework 2.0, 4.0, 4.5, 4.6.1, 4.7.2, 4.8.1
It requires .NET Framework 2.0, 3.5 or later version. |
| Lib\[net5.0|6.0|7.0|8.0]\EASendMail.dll |
Built with .NET 5.0, .NET 6.0, .NET 7.0, .NET 8.0
It requires .NET 5.0 or later version. |
| Lib\netstandard2.0\EASendMail.dll |
Built with .NET Standard 2.0
It requires .NET Standard 2.0 or later version. |
| Lib\[net20-cf|net35-cf]\EASendMail.dll |
Built with .NET Compact Framework 2.0, 3.5
It requires .NET Compact Framework 2.0, 3.5 or later version. |
VB.NET - Encrypt email - S/MIME - example¶
The following example codes demonstrate encrypting email message with digital signature - S/MIME.
In order to run it correctly, please change SMTP server, user, password, sender, recipient value to yours.
Note
To get full sample projects, please download and install EASendMail on your machine.
Imports System.Security.Cryptography.X509Certificates
' Add EASendMail namespace
Imports EASendMail
Module Module1
Private Function _findCertificate(storeName As String, emailAddress As String) As X509Certificate2
Dim cert As X509Certificate2 = Nothing
Dim store As New X509Store(storeName, StoreLocation.CurrentUser)
store.Open(OpenFlags.ReadOnly)
Dim certfiicates As X509Certificate2Collection = store.Certificates.Find(X509FindType.FindBySubjectName, emailAddress, True)
If certfiicates.Count > 0 Then
cert = certfiicates(0)
End If
store.Close()
_findCertificate = cert
End Function
Sub Main()
Try
Dim oMail As New SmtpMail("TryIt")
' Set sender email address, please change it to yours
oMail.From = "test@emailarchitect.net"
' Set recipient email address, please change it to yours
oMail.To = "support@emailarchitect.net"
' Set email subject
oMail.Subject = "test encrypted email from vb.net"
' Set email body
oMail.TextBody = "this is a test email with email encryption (S/MIME)"
' Search certificate based on email address.
Dim signerCertificate As X509Certificate2 = _findCertificate("My", oMail.From.Address)
If signerCertificate Is Nothing Then
Throw New Exception("No signer certificate found for " + oMail.From.Address + "!")
End If
oMail.From.Certificate2 = signerCertificate
' You can also load the signer certificate from a pfx file.
'
' Dim pfxPath As String = "D:\TestCerts\signer.pfx"
' Dim signerCertFromPfx As X509Certificate2 = New X509Certificate2(pfxPath,
' "nosecret",
' X509KeyStorageFlags.Exportable Or X509KeyStorageFlags.UserKeySet)
' oMail.From.Certificate2 = signerCertFromPfx
' If you use it in web application,
' please use X509KeyStorageFlags.Exportable Or X509KeyStorageFlags.MachineKeySet
' If you use it in .NET core application
' please use X509KeyStorageFlags.Exportable Or X509KeyStorageFlags.EphemeralKeySet
Dim count As Integer = oMail.To.Count
For i As Integer = 0 To count - 1
Dim oAddress As MailAddress = oMail.To(i)
Dim encryptCert As X509Certificate2 = _findCertificate("AddressBook", oAddress.Address)
If encryptCert Is Nothing Then
encryptCert = _findCertificate("My", oAddress.Address)
End If
If encryptCert Is Nothing Then
Throw New Exception("No encryption certificate found for " + oAddress.Address + "!")
End If
oAddress.Certificate2 = encryptCert
' You can also load the encryptor certificate from a cer file Like this
' Dim cerPath As String = "D:\TestCerts\encryptor.cer"
' Dim encryptCertFromFile = New X509Certificate2(cerPath)
' oAddress.Certificate2 = encryptCertFromFile
Next
' Your SMTP server address
Dim oServer As New SmtpServer("smtp.emailarchitect.net")
' User and password for ESMTP authentication, if your server doesn't require
' User authentication, please remove the following codes.
oServer.User = "test@emailarchitect.net"
oServer.Password = "testpassword"
' Most mordern SMTP servers require SSL/TLS connection now.
' ConnectTryTLS means if server supports SSL/TLS, SSL/TLS will be used automatically.
oServer.ConnectType = SmtpConnectType.ConnectTryTLS
' If your SMTP server uses 587 port
' oServer.Port = 587
' If your SMTP server requires SSL/TLS connection on 25/587/465 port
' oServer.Port = 25 ' 25 or 587 or 465
' oServer.ConnectType = SmtpConnectType.ConnectSSLAuto
Console.WriteLine("start to send encrypted email ...")
Dim oSmtp As New SmtpClient()
oSmtp.SendMail(oServer, oMail)
Console.WriteLine("email was sent successfully!")
Catch ep As Exception
Console.WriteLine("failed to send email with the following error:")
Console.WriteLine(ep.Message)
End Try
End Sub
End Module
Encryption algorithm¶
You can use SmtpMail.EncryptionAlgorithm property to set RC2, RC4, 3DES, AES128, AES192 or AES256 encryption algorithm. RSAES-OAEP (AES128, AES192 and AES256) is recommended.
RSA-OAEP Encryption with SHA256 HASH
If you need to use RSA-OAEP encryption with sha256 scheme, please have a look at this topic:
TLS 1.2 protocol¶
TLS is the successor of SSL, more and more SMTP servers require TLS 1.2 encryption now.
If your operating system is Windows XP/Vista/Windows 7/Windows 2003/2008/2008 R2/2012/2012 R2, you need to
enable TLS 1.2 protocol in your operating system like this:
Enable TLS 1.2 on Windows XP/Vista/7/10/Windows 2008/2008 R2/2012
Appendix
- Send Email in VB.NET - Tutorial
- EASendMail SMTP Component SDK
- Process Bounced Email (Non-Delivery Report) and Email Tracking
- Bulk Email Sender Guidelines
- Work with Email Queue
Comments
If you have any comments or questions about above example codes, please click here to add your comments.