G
Guest
am programming against the Outlook API and CDO in C++. We already have code that is invoked by a button (added to the Outlook button bar by our integration-code) in Outlook which will extract the selected message with its attachments and save them to a file for further processing. I now need to extend our solution to extract information on encryption and/or digital signatures for the selected message. All of this information is present somehow in Outlook, because it can be seen in the user interface. The problem is what is exposed in the APIs
So, given an Outlook mail item, I need to detect
Was the email digitally signed?
Was it encrypted?
For a digital signature: could its validity be confirmed? (including time-validity, check against Certificate Revocation List, check of the complete certificate chain up to and including a trusted root). If possible, we would also like to be able to extract the certificate itself.
For an encrypted email: was decryption successful?
If validity could not be confirmed (or decryption not be done) some indication of the cause, if possible
After having looked closer at the Outlook Object Model, we have only partly found an answer to (1) and (2). We found no answers for the remaining questions
Re. (1) and (2): From an Outlook Mail item ID, we can create a CDO Message object and from that extract the two properties Signed and Encrypted. Initially, we assumed these to make up for answering (1) og (2), but experiments with the Outlook versions 2000, 2002 and 2003 show that these attributes are always False. We have read the knowledge base article 194623 entitled "HOWTO: Use CDO (1.x) to See if a Message Is Signed and/or Encrypted", which indicates that these flags are not set reliably by Outlook 98, but apparently this goes for the newer versions of Outlook as well. The article then suggests reading the message class. For all 3 Outlook versions, I then find these values
unsigned, unencrypted: IPM.Note
signed, unencrypted: IPM.Note.SMIME.MultipartSigned
unsigned, encrypted: IPM.Note.SMIME
signed, encrypted: IPM.Note.SMIM
The problem here is that the latter two are not distinguished. We have failed to find some other way of distinguishing. Another problem is that I have failed to find any properties telling me whether the signature/encryption certificate was found valid
So, given an Outlook mail item, I need to detect
Was the email digitally signed?
Was it encrypted?
For a digital signature: could its validity be confirmed? (including time-validity, check against Certificate Revocation List, check of the complete certificate chain up to and including a trusted root). If possible, we would also like to be able to extract the certificate itself.
For an encrypted email: was decryption successful?
If validity could not be confirmed (or decryption not be done) some indication of the cause, if possible
After having looked closer at the Outlook Object Model, we have only partly found an answer to (1) and (2). We found no answers for the remaining questions
Re. (1) and (2): From an Outlook Mail item ID, we can create a CDO Message object and from that extract the two properties Signed and Encrypted. Initially, we assumed these to make up for answering (1) og (2), but experiments with the Outlook versions 2000, 2002 and 2003 show that these attributes are always False. We have read the knowledge base article 194623 entitled "HOWTO: Use CDO (1.x) to See if a Message Is Signed and/or Encrypted", which indicates that these flags are not set reliably by Outlook 98, but apparently this goes for the newer versions of Outlook as well. The article then suggests reading the message class. For all 3 Outlook versions, I then find these values
unsigned, unencrypted: IPM.Note
signed, unencrypted: IPM.Note.SMIME.MultipartSigned
unsigned, encrypted: IPM.Note.SMIME
signed, encrypted: IPM.Note.SMIM
The problem here is that the latter two are not distinguished. We have failed to find some other way of distinguishing. Another problem is that I have failed to find any properties telling me whether the signature/encryption certificate was found valid