EmailArchitect Support
»
Email Component Development
»
EASendMail SMTP Component - .NET Version
»
S/MIME Hash algorithm problem RSA-OAEP Encryption + Sha256 hash + RSASSA-PSS signature
Rank: Newbie
Groups: Registered
Joined: 7/17/2019(UTC)
Posts: 0
Location: Bilbao
Thanks: 4 times
Hello,
I have built a program in C# to send signed and encrypted emails automatically with the EAsendmail library but the receiver replies that he can not process the message because the hash algorithm is not correct.
The algorithm must be SHA256 or SHA512 and they say I'm sending with the default parameter SHA1. I'm confused with this because in my program I'm using the following statement:
Code: oMail.SignatureHashAlgorithm = EASendMail.SignatureHashAlgorithmType.SHA256;
Is the way to indicate the hash algorithm incorrect? Maybe the problem is the moment I indicate the sentence? I include below the rest of the code if it helps:
Code: SmtpMail oMail = new SmtpMail("myProductKey");
oMail.EncryptionAlgorithm = EASendMail::EASendMail.EncryptionAlgorithmType.ENCRYPTION_ALGORITHM_AES192;
oMail.SignatureHashAlgorithm = EASendMail::EASendMail.SignatureHashAlgorithmType.SHA256;
SmtpClient oSmtp = new SmtpClient();
oMail.From = "mydirection@domain.com";
oMail.Subject = filename;
oMail.TextBody = "EDIFACT - Nachricht";
bool encontradoCifrado = false;
EASendMail.Certificate[] certificadosCifrado = EASendMail::EASendMail.Certificate.FindCertificates("",
Certificate.CertificateStoreLocation.CERT_SYSTEM_STORE_CURRENT_USER,
"MY");
subjectBuscado = "C=DE, S=Berlin, L=Berlin, O=AAAAAAAAAA GMBH, OU=BBBBBBBBBB, OU=Commercial, CN=CCCCCCCC, E=mydirection@domain.com";
for (int j = 0; j < certificadosCifrado.Length; j++)
{
if (certificadosCifrado[j].Subject == subjectBuscado)
{
MailAddress oAddressfrom = oMail.From as MailAddress;
oAddressfrom.Certificate = certificadosCifrado[j];
encontradoCifrado = true;
break;
}
}
MailAddress oAddressto;
oMail.To = "receiver@domain.com";
oAddressto = oMail.To[0] as MailAddress;
oAddressto.Certificate.Load("C/certificados/CERTIFICATE1.cer");
String attach = Convert.ToBase64String(File.ReadAllBytes(fileName));
oMail.AddAttachment( onlyfilename,attach);
SmtpServer oServer = new SmtpServer("smtp.domain.com");
oServer.Port = 25;
if(encontradoCifrado){
try
{
oSmtp.SendMail(oServer, oMail);
Console.WriteLine("email was sent successfully!");
}
catch (Exception ep)
{
Console.WriteLine("failed to send email with the following error:");
Console.WriteLine(ep.Message);
Console.ReadKey();
}
}
The response is that I am using the DEFAULT params for hash algorithm:
Quote: RSAES-OAEP-params ::= SEQUENCE { hashAlgorithm [0] HashAlgorithm DEFAULT sha1, maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, pSourceAlgorithm [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty }
Can you please help me to correctly change the hash algorithm to SHA256?
Thank you,
Greetings
Alex
Edited by moderator Saturday, July 20, 2019 2:57:29 AM(UTC)
| Reason: Change subject for better search
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,154
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Hi, thanks for using our software. You need a special version of EASendMail to implement RSA-OAEP Encryption + Sha256 hash and RSASSA-PSS signature, i guess that is a requirement in Germany. Please check your private message in the forum, i will send you the detail.
1 user thanked ivan for this useful post.
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,154
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
By default, EASendMail uses windows/.NET built-in function to implement S/MIME, but it seems there is a compatible problem with RSASSA-PSS signature.
So we implemented another version by Bouncy Castle library.
Code:
// Digital signature with sha-256 hash algorithm (formal EASendMail)
oMail.SignatureHashAlgorithm = SignatureHashAlgorithmType.SHA256;
// Digital signature with sha-256 hash algorithm + RSASSA-PSS signature (EASendMail with bouncy castle version)
oMail.SignatureHashAlgorithm = SignatureHashAlgorithmType.SHA256;
oMail.SignatureHashEncryption = SignatureHashEncryptionType.RSA_SSA_PSS_WITH_PARAMETER;
// Email encryption with RAES-OAEP-128 (formal EASendMail)
oMail.EncryptionAlgorithm = EncryptionAlgorithmType.RAES_OAEP_128;
// Email encryption with RAES-OAEP-128 + sha-256 oaep hash algorithm (formal EASendMail)
oMail.EncryptionAlgorithm = EncryptionAlgorithmType.RAES_OAEP_128;
oMail.OaepHashAlgorithm = OaepHashAlgorithmType.SHA256;
To use RSASSA-PSS signature, you must download and use this version.
http://www.emailarchitec...wnload/easendmail.bc.exe Note: RSASSA-PSS signature by Bouncy Castle is not verified by most email clients (outlook, firebird ...), but it does meet the requirement in Germany.
If you don't use RSASSA-PSS signature, you don't have to use EASendMail + bouncy castle, just set it
Code:
// Email encryption with RAES-OAEP-128 + sha-256 oaep hash algorithm (formal EASendMail)
oMail.EncryptionAlgorithm = EncryptionAlgorithmType.RAES_OAEP_128;
oMail.OaepHashAlgorithm = OaepHashAlgorithmType.SHA256;
1 user thanked ivan for this useful post.
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,154
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
In formal EASendMail, RSASSA-PSS signature is supported as well, however, it only supports SHA256 hash signature + SHA1 padding scheme.
If you need to sign digital signature based on the rule of EDIFACT in EUROPE/Germany, you'd better to use this version:
http://www.emailarchitec...wnload/easendmail.bc.exe It uses SHA256 hash signature + SHA256 padding scheme.
Edited by user Monday, October 14, 2019 1:13:23 AM(UTC)
| Reason: Not specified
1 user thanked ivan for this useful post.
Rank: Newbie
Groups: Registered
Joined: 7/17/2019(UTC)
Posts: 0
Location: Bilbao
Thanks: 4 times
Originally Posted by: ivan In formal EASendMail, RSASSA-PSS signature is supported as well, however, it only supports SHA256 hash signature + SHA1 padding scheme.
If you need to sign digital signature based on the rule of EDIFACT in EUROPE/Gemany, you'd better to use this version:
http://www.emailarchitec...wnload/easendmail.bc.exe It uses SHA256 hash signature + SHA256 padding scheme.
Hello Ivan,
First of all thank you very much for your messages.
That's right, I need to digitally sign emails following the German EDIFACT messaging rules. I will try to use the library you recommend.
I have a doubt: in the formal EASendmail I see that the
SmtpMail object doesn't have the OaepHashAlgorithmType property and so the compiler has told me when doing the test. What am I missing?
Thanks again,
Alex
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,154
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: avalero008 Originally Posted by: ivan In formal EASendMail, RSASSA-PSS signature is supported as well, however, it only supports SHA256 hash signature + SHA1 padding scheme.
If you need to sign digital signature based on the rule of EDIFACT in EUROPE/Gemany, you'd better to use this version:
http://www.emailarchitec...wnload/easendmail.bc.exe It uses SHA256 hash signature + SHA256 padding scheme.
Hello Ivan,
First of all thank you very much for your messages.
That's right, I need to digitally sign emails following the German EDIFACT messaging rules. I will try to use the library you recommend.
I have a doubt: in the formal EASendmail I see that the
SmtpMail object doesn't have the OaepHashAlgorithmType property and so the compiler has told me when doing the test. What am I missing?
Thanks again,
Alex
This property is undocumented, but it is existed, but it requires EASendMail 7.5.0.1 or later version. If you're using an older version, please download the latest version. Or you can use EASendMail BC version and have a try. Because you have to use RSASSA-PSS signature scheme, so BC version is the only solution.
1 user thanked ivan for this useful post.
Rank: Newbie
Groups: Registered
Joined: 7/17/2019(UTC)
Posts: 0
Location: Bilbao
Thanks: 4 times
I have tried with EAsendmail BC and it works!
Thank you very much Ivan, great support.
Regards,
Alex
Edited by user Tuesday, July 23, 2019 3:47:03 AM(UTC)
| Reason: Not specified
Rank: Newbie
Groups: Registered
Joined: 8/28/2019(UTC)
Posts: 0
Hi,
I'm currently testing the version of SendEmail with Bouncy Castle mentioned in this thread. When I use the SHA256 hash algorithm and RSA_PSS_WITH_PARAMETER encryption type I get the following exception in the BouncyCastle.Crypto.dll:
Code: [10:28:47 ERR] Exception while attempting to send email
System.ArgumentException: Unsupported algorithm specified
Parameter name: privateKey
at Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(AsymmetricAlgorithm privateKey)
at .( , Byte[] , Boolean )
at .( , Byte[] , Boolean )
at EASendMail.SmtpMail.()
at EASendMail.SmtpMail.get_EncodedContent()
at EASendMail.SmtpClient.SendMail(SmtpMail mail)
The code that I use looks like this:
Code: public async Task Send(Mail mail, ConnectionInfo connectionInfo, MailSecurityOptions mailSecurityOptions)
{
var message = new SmtpMail("TryIT")
{
Subject = mail.subject
};
foreach (var attachment in mail.attachments)
{
var content = Convert.FromBase64String(attachment.content);
message.AddAttachment(attachment.fileName, content);
}
message.TextBody = mail.body;
message.HtmlBody = mail.body;
message.Sender = new MailAddress(mail.sender.name, mail.sender.address);
message.From = new MailAddress(mail.sender.name, mail.sender.address);
message.Headers.Add(new HeaderItem("X-Mailer", "Outlook 14.0"));
message.Headers.Add("Content-Language", "da");
foreach (var recipient in mail.recipients)
{
message.To.Add(new MailAddress("", recipient.address));
}
message.SignatureHashAlgorithm = SignatureHashAlgorithmType.SHA256;
message.SignatureHashEncryption = SignatureHashEncryptionType.RSA_SSA_PSS_WITH_PARAMETER;
var signerCertificate = _certificateService.GetCertificateBySenderEmail(message.From.Address);
message.From.Certificate = signerCertificate;
var smtpServer = new SmtpServer(connectionInfo.Host);
if (!string.IsNullOrEmpty(connectionInfo.Username) || !string.IsNullOrEmpty(connectionInfo.Password))
{
smtpServer.User = connectionInfo.Username;
smtpServer.Password = connectionInfo.Password;
}
var client = new SmtpClient();
client.SendMail(smtpServer, message);
}
Can anyone spot what I'm missing?
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,154
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: Flambo Hi, I'm currently testing the version of SendEmail with Bouncy Castle mentioned in this thread. When I use the SHA256 hash algorithm and RSA_PSS_WITH_PARAMETER encryption type I get the following exception in the BouncyCastle.Crypto.dll: Can anyone spot what I'm missing?
Hi, your code looks good, but it seems the private key couldn't be exported. Please email to
support@emailarchitect.net so that we can provide support directly.
EmailArchitect Support
»
Email Component Development
»
EASendMail SMTP Component - .NET Version
»
S/MIME Hash algorithm problem RSA-OAEP Encryption + Sha256 hash + RSASSA-PSS signature
Forum Jump
EmailArchitect Support
Email Component Development
- EASendMail SMTP Component - .NET Version
- EASendMail SMTP Component - Windows Store Apps
- EASendMail SMTP ActiveX Object
- EAGetMail POP3 & IMAP4 Component - .NET Version
- EAGetMail POP3 & IMAP4 ActiveX Object
Exchange Server and IIS SMTP Plugin
- DomanKeys/DKIM for Exchange Server and IIS SMTP
- Disclaimer and S/MIME for Exchange Server and IIS
EmailArchitect Email Server
- EmailArchitect Email Server (General)
- EmailArchitect Email Server Development
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.