In previous section, I introduced how to send email with digital signature. In this section, I will introduce how to encrypt email with digital certificate in Managed C++.
After the recipient received your email with digital signature, the recipient can get your digital certificate public key from your digital signature. Then the recipient can encrypt an email with your public key and send it to you. Only you can decrypt this email with your private key. That is how S/MIME can protect your email content. If you don’t expose your digital certificate private key to others, none can read your email which is encrypted by your public key.
If you received an email with digital signature, your email client usually stores the public key of the sender in “Control Panel” -> “Internet Options” -> “Content” -> “Certificates” -> “Other People”.
Then you can use the following code to encrypt email and send it to your recipient.
Note
Remarks: All of samples in this section are based on first section: A simple Managed C++/CLI project. To compile and run the following example codes successfully, please click here to learn how to create the test project and add reference of EASendMail to your project.
The following example codes demonstrate how to encrypt email with digital certificate.
Note
To get the full sample projects, please refer to Samples section.
#include "stdafx.h"
using namespace System;
using namespace System::Security::Cryptography::X509Certificates;
using namespace EASendMail;
X509Certificate2^ _findCertificate(String ^storeName, String ^emailAddress)
{
X509Certificate2 ^cert = nullptr;
X509Store ^store = gcnew X509Store(storeName, StoreLocation::CurrentUser);
store->Open(OpenFlags::ReadOnly);
X509Certificate2Collection ^certfiicates = store->Certificates->Find(
X509FindType::FindBySubjectName, emailAddress, true);
if (certfiicates->Count > 0)
{
cert = certfiicates[0];
}
store->Close();
return cert;
}
int main(array<System::String ^> ^args)
{
try
{
SmtpMail ^oMail = gcnew SmtpMail("TryIt");
// Set sender email address, please change it to yours
oMail->From = "test@emailarchitect.net";
// Set recipient email address, please change it to yours
oMail->To = gcnew AddressCollection("support@emailarchitect.net");
// Set email subject
oMail->Subject = "test encrypted email from Managed C++ project";
// Set email body
oMail->TextBody = "this is a test encrypted email sent from Managed C++";
X509Certificate2 ^signerCertificate = _findCertificate("My", oMail->From->Address);
if (signerCertificate == nullptr)
throw gcnew Exception("No signer certificate found!");
oMail->From->Certificate2 = signerCertificate;
// You can also load the signer certificate from a pfx file.
/* String ^pfxPath = "D:\\TestCerts\\signer.pfx";
X509Certificate2 ^signerCertFromPfx = gcnew X509Certificate2(pfxPath,
"nosecret",
X509KeyStorageFlags::Exportable | X509KeyStorageFlags::UserKeySet);
oMail->From->Certificate2 = signerCertFromPfx;
*/
// If you use it in web application,
// please use X509KeyStorageFlags::Exportable | X509KeyStorageFlags::MachineKeySet
// If you use it in .NET core application
// please use X509KeyStorageFlags::Exportable | X509KeyStorageFlags::EphemeralKeySet
int count = oMail->To->Count;
for (int i = 0; i < count; i++)
{
MailAddress ^oAddress = dynamic_cast<MailAddress^>(oMail->To[i]);
X509Certificate2 ^encryptCert = _findCertificate("AddressBook", oAddress->Address);
if (encryptCert == nullptr)
encryptCert = _findCertificate("My", oAddress->Address);
if (encryptCert == nullptr)
throw gcnew Exception("No encryption certificate found!");
oAddress->Certificate2 = encryptCert;
// You can also load the encryptor certificate from a cer file like this
/*
String ^cerPath = "D:\\TestCerts\\encryptor.cer";
X509Certificate2 ^encryptCertFromFile = gcnew X509Certificate2(cerPath);
oAddress->Certificate2 = encryptCertFromFile;
*/
}
// Your SMTP server address
SmtpServer ^oServer = gcnew SmtpServer("smtp.emailarchitect.net");
// User and password for ESMTP authentication.
oServer->User = "test@emailarchitect.net";
oServer->Password = "testpassword";
// Most mordern SMTP servers require SSL/TLS connection now.
// ConnectTryTLS means if server supports SSL/TLS, SSL/TLS will be used automatically.
oServer->ConnectType = SmtpConnectType::ConnectTryTLS;
// If your SMTP server uses 587 port
// oServer->Port = 587;
// If your SMTP server requires SSL/TLS connection on 25/587/465 port
// oServer->Port = 25; // 25 or 587 or 465
// oServer->ConnectType = SmtpConnectType::ConnectSSLAuto;
Console::WriteLine("start to send encrypted email ...");
SmtpClient ^oSmtp = gcnew SmtpClient();
oSmtp->SendMail(oServer, oMail);
Console::WriteLine("email was sent successfully!");
}
catch (Exception ^ep)
{
Console::WriteLine("failed to send email with the following error:");
Console::WriteLine(ep->Message);
}
return 0;
}
If you received digital signed and encrypted email by Windows Mail(Outlook Express), it looks like this:
You can use SmtpMail.EncryptionAlgorithm property to set RC2, RC4, 3DES, AES128, AES192 or AES256 encryption algorithm. RSAES-OAEP (AES128, AES192 and AES256) is recommended.
RSA-OAEP Encryption with SHA256 HASH
If you need to use RSA-OAEP encryption with sha256 scheme based on EDIFACT rule, please have a look at this topic:
RSASSA-PSS + RSA-OAEP Encryption with SHA256 hash algorithm
Next Section
At next section I will introduce how to send email with event handler.
Appendix
Comments
If you have any comments or questions about above example codes, please click here to add your comments.