Encrypt Email in Delphi - S/MIME with RC2, 3DES and RSAES-OAEP

In the previous section, I introduced how to send email with a digital signature. In this section, I will introduce how to encrypt email with a digital certificate in Delphi.

Introduction

After the recipient receives your email with a digital signature, the recipient can get the public key of your digital certificate from that signature. The recipient can then encrypt an email with your public key and send it to you. Only you can decrypt this email with your private key. That is how S/MIME protects your email content. As long as you don’t expose the private key of your digital certificate to others, no one else can read email that is encrypted with your public key.

If you receive an email with a digital signature, your email client usually stores the public key of the sender in “Control Panel” -> “Internet Options” -> “Content” -> “Certificates” -> “Other People”.

Then you can use the following code to encrypt email and send it to your recipient.

Note

Remarks: All of the samples in this section are based on the first section: Send email in a simple Delphi project. To compile and run the following example code successfully, please refer to that section to learn how to create the test project and add a reference to EASendMail to your project.

[Delphi - Email Encryption (S/MIME) - Example]

The following example code demonstrates how to encrypt email with a digital certificate in Delphi.

Note

To get the full sample projects, please refer to the Samples section.

unit Unit1;
interface
uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, EASendMailObjLib_TLB; // add EASendMail unit
type
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

const
  ConnectNormal = 0;
  ConnectSSLAuto = 1;
  ConnectSTARTTLS = 2;
  ConnectDirectSSL = 3;
  ConnectTryTLS = 4;

  CRYPT_MACHINE_KEYSET = 32;
  CRYPT_USER_KEYSET = 4096;
  CERT_SYSTEM_STORE_CURRENT_USER = 65536;
  CERT_SYSTEM_STORE_LOCAL_MACHINE = 131072;

var
  Form1: TForm1;

implementation

{$R *.dfm}

procedure TForm1.Button1Click(Sender: TObject);
var
  oSmtp : TMail;
  oEncryptCert : TCertificate;
begin
  oSmtp := TMail.Create(Application);
  oSmtp.LicenseCode := 'TryIt';

  // Set your sender email address
  oSmtp.FromAddr := 'test@emailarchitect.net';
  // Add recipient email address
  oSmtp.AddRecipientEx('support@emailarchitect.net', 0);

  // Set email subject
  oSmtp.Subject := 'test encrypted email from Delphi with digital signature';
  // Set body text
  oSmtp.BodyText := 'this is a test encrypted email sent from Delphi with digital signature';

  // Add digital signature
  if not oSmtp.SignerCert.FindSubject('test@emailarchitect.net',
    CERT_SYSTEM_STORE_CURRENT_USER, 'my') then
    begin
      ShowMessage(oSmtp.SignerCert.GetLastError());
      exit;
    end;
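  // A certificate without a private key cannot sign, so stop here
  if not oSmtp.SignerCert.HasPrivateKey then
    begin
      ShowMessage('Signer certificate has no private key, ' +
      'this certificate can not be used to sign email');
      exit;
    end;

  // Find the encrypting certificate for each recipient.
  // 'AddressBook' is the store shown as "Other People"; fall back to 'my' (Personal)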
  oEncryptCert := TCertificate.Create(Application);
  if not oEncryptCert.FindSubject('support@emailarchitect.net',
    CERT_SYSTEM_STORE_CURRENT_USER, 'AddressBook') then
    if not oEncryptCert.FindSubject('support@emailarchitect.net',
    CERT_SYSTEM_STORE_CURRENT_USER, 'my') then
    begin
      ShowMessage(oEncryptCert.GetLastError());
      exit;
    end;

  // Add encrypting certificate
  oSmtp.RecipientsCerts.Add(oEncryptCert.DefaultInterface);

  // Your SMTP server address
  oSmtp.ServerAddr := 'smtp.emailarchitect.net';

  // User and password for ESMTP authentication; if your server doesn't require
  // user authentication, remove the following two lines
  oSmtp.UserName := 'test@emailarchitect.net';
  oSmtp.Password := 'testpassword';

  // ConnectTryTLS means SSL/TLS is used automatically if the server supports it;
  // if the server does not, the connection (including the login above) is not encrypted
  oSmtp.ConnectType := ConnectTryTLS;

  // If your server uses 587 port
  // oSmtp.ServerPort := 587;

  // If your server uses 25/587/465 port with SSL/TLS
  // oSmtp.ConnectType := ConnectSSLAuto;
  // oSmtp.ServerPort := 587; // 25 or 587 or 465

  ShowMessage('start to send email ...');
  if oSmtp.SendMail() = 0 then
    ShowMessage('email was sent successfully!')
  else
    ShowMessage('failed to send email with the following error: '
    + oSmtp.GetLastErrDescription());

end;

end.

If you receive a digitally signed and encrypted email in Windows Mail (Outlook Express), it looks like this:

[Image: Delphi sign and encrypt email - S/MIME]

Encryption Algorithm

You can use the EncryptionAlgorithm property to select the RC2, RC4, 3DES, AES128, AES192 or AES256 encryption algorithm. RSAES-OAEP (AES128, AES192 and AES256) is recommended.
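
To check which algorithms an encrypted message really uses, the OpenSSL command line can build and inspect the same kind of S/MIME (CMS) envelope. This is an added example, not part of the EASendMail samples: it encrypts one message with the legacy setting (3DES with RSA PKCS#1 v1.5 key transport) and with the recommended one (AES-256 with RSAES-OAEP), then reads the algorithm OIDs back from each envelope. The recipient certificate, file names and message are constructed for the test.

```shell
#!/bin/sh
# Added example: recipient identity, file names and message are constructed.
set -eu

# Throwaway recipient key pair and self-signed certificate in directory $1.
make_recipient() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=recipient@example.com" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Encrypt $1/msg.txt twice: legacy (3DES + RSA PKCS#1 v1.5 key transport)
# and recommended (AES-256 + RSAES-OAEP key transport).
encrypt_both() {
  openssl cms -encrypt -binary -des3 -in "$1/msg.txt" \
    -outform PEM -out "$1/legacy.p7m" -recip "$1/cert.pem"
  openssl cms -encrypt -binary -aes-256-cbc -in "$1/msg.txt" \
    -outform PEM -out "$1/oaep.p7m" \
    -recip "$1/cert.pem" -keyopt rsa_padding_mode:oaep
}

# Print "<key transport> <content cipher>" for CMS file $1, matched by OID
# so the result does not depend on OpenSSL's display names.
cms_algs() {
  dump=$(openssl cms -cmsout -print -noout -inform PEM -in "$1")
  kek=other; cek=other
  case $dump in
    *"(1.2.840.113549.1.1.7)"*) kek=rsaes-oaep ;;
    *"(1.2.840.113549.1.1.1)"*) kek=rsa-pkcs1-v1_5 ;;
  esac
  case $dump in
    *"(2.16.840.1.101.3.4.1.42)"*) cek=aes-256-cbc ;;
    *"(1.2.840.113549.3.7)"*) cek=des-ede3-cbc ;;
  esac
  echo "$kek $cek"
}

# Only the holder of the private key in $2 can recover the plaintext of $1.
decrypt_msg() {
  openssl cms -decrypt -inform PEM -in "$1" -recip "$2/cert.pem" -inkey "$2/key.pem"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
printf 'constructed test message' > "$work/msg.txt"
make_recipient "$work"
encrypt_both "$work"
echo "legacy: $(cms_algs "$work/legacy.p7m")"
echo "oaep:   $(cms_algs "$work/oaep.p7m")"
```

The same cms_algs check can be run on a message received from the Delphi program after saving its encrypted body part in PEM form.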

RSA-OAEP Encryption with SHA256 HASH

If you need to use RSA-OAEP encryption with the SHA256 scheme based on the EDIFACT rule, please have a look at this topic:

RSASSA-PSS + RSA-OAEP Encryption with SHA256

Next Section

In the next section, I will introduce how to send email with an event handler in asynchronous mode.
