VB.Net Code for signing an email

Guest

Hi,

Can you help me with some sample code for signing an email? I have the code
to manage/select the digital cert but cannot figure out how to sign an email
with it. I have been using the CAPICOM interop to sign email but now that I
have upgraded to VS2005 I am wanting to convert the code to 100% managed code.
Any pointers to sign an email using the 2.0 framework would be greatly
appreciated...

Thanks
Jason
 
Jeffrey Tan[MSFT]

Hi Jason,

Thanks for your post!

Based on my knowledge, signing a message means sending a message in clear
text followed by a message authentication code (MAC), which is a one-way
hash of the message, with the hash value then encrypted with a certain session
key.

In .Net2.0, Microsoft has added the support for MAC in
System.Security.Cryptography namespace with HMACSHA256 and ProtectedData
classes. Please refer to the following 2 articles:
"Security Enhancements in the .NET Framework 2.0"
http://msdn.microsoft.com/msdnmag/issues/06/00/SecurityBriefs/default.aspx
"Security Practices: .NET Framework 2.0 Security Practices at a Glance"
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html
/PAGPractices0002.asp

If I misunderstand you, please feel free to tell me. Thanks

At last, for .NET security issues, there is a dedicated newsgroup,
microsoft.public.dotnet.security.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Guest

I was hoping that you would have some code that does the signing
part? Using CAPICOM is pretty involved and uses the CDO component and Body
Parts. While I am sure I would eventually figure out how to translate the
code, I was hoping that someone would have some code I could digest.

Thanks
Jason
 
Jeffrey Tan[MSFT]

Hi Jason,

Thanks for your feedback!

I am not sure I understand your concern very well. I did not see much magic
or obstacle in using these 2 classes; the programming model for generating a
MAC just follows the MSDN documentation of these 2 classes.

Below is the sample code I found for generating an HMAC; hope it meets
your need (C# and VB.NET versions):
"Generate H Mac Code"
http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.GenerateHMacCode
"Generate H Mac Code2"
http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.GenerateHMacCode2

If I misunderstood your key concern, please feel free to tell me, I will
work with you. Thanks

Best regards,
Jeffrey Tan
Microsoft Online Community Support
 
Guest

Jeffrey, thanks for your response. However, I'm not sure these classes give
me what I am looking for.

The CAPICOM code I developed works with CDO. It gets the body part of the
email that contains the message, images etc, extracts the bytes that make up
the complete message, signs the data and then repopulates the body part
complete with the Digital signature that signed the code. The email is then
sent as normal. When the email is received Outlook verifies that the email
was sent using a valid Digital ID and has not been modified. The email
appears with a lock on the icon in the inbox to show that the message has
been signed and verified.

My approach with the 2.0 framework is to create the message using the
AlternateView and LinkedResource classes, embedding images etc. Then,
extracting a stream object, use the SignedCms class to sign the bytes of the
message using an X509Certificate2 and re-populate the MailMessage class with
the signed text..I see no need to use the classes that you are referencing...
or am I missing something??

Hope that explains a little on what I am trying to achieve??

Thanks
Jason
 
Eugene Mayevski

Hello!
You wrote on Mon, 15 May 2006 21:42:01 -0700:

J> My Approach with the 2.0 framework is to create the message using the
J> Alternateviews and linkresource classes, embedding images etc. Then
J> extracting a stream object, use the SignedCMS class to sign the bytes of
J> the message using an x509Certificate2 and re-populate the mailMessage
J> class with the signed text..I see no need to use the classes that you
J> are referencing... or am I missing something??

What you need is S/MIME, while Jeffrey is talking about pure hash
calculation.
Since S/MIME support is not directly available in the .NET Framework (with
SignedCms you will have to do certain extra work), you may find it
time-saving to use a third-party library.
For S/MIME and PGP/MIME you can take a look at our MIMEBlackbox (
http://www.eldos.com/sbb/net-mime.php ) which does what you need quickly and
efficiently.

With best regards,
Eugene Mayevski
 
Guest

Jeffrey,

I have a Test App I can send you that does the Signing using CAPICOM and
what I have so far for signing with the 2.0 Framework. Unfortunately I don't
have an externally available web Server where I could place the app for you
to download...Can I mail it directly to you??

Eugene, thanks for your email. However, I'm not sure that I agree that the
2.0 Framework won't do what I want it to do...I have very nearly got the
functionality for signing together...I'm just missing a few parts that I
think is due to a lack of knowledge of the framework, not because it's not
there..
 
Eugene Mayevski

Hello!
You wrote on Tue, 16 May 2006 01:50:01 -0700:

J> Eugene, thanks for your email. However, I'm not sure that I agree that
J> the 2.0 Framework won't do what I want it to do...I have very nearly got
J> the functionality for signing together...I'm just missing a few parts
J> that I think is due to a lack of knowledge of the framework, not because
J> it's not there..

I agree, that you can get everything together. The question is the amount of
work needed :).

With best regards,
Eugene Mayevski
 
Jeffrey Tan[MSFT]

Hi Jason,

Thanks for your feedback!

I am not familiar with the email format Outlook needs to verify the email
content. I am just showing how to generate a MAC of a message in .NET 2.0.

I do not understand why you want to send a project to me. We do not
provide project code review for the newsgroup.

Can you be clear on what encryption you want to get? Didn't you want to
calculate the MAC of the email content?

Thanks

Best regards,
Jeffrey Tan
Microsoft Online Community Support
 
Guest

Jeffrey,

My post does not really have anything to do with outlook. I was simply
trying to reference what happens when a Digitally signed email is received.

On my last thread with you (unrelated to this) I was asked to provide a code
example of my problem. Well, because I had already got half this app together
when I wrote the original signing test I thought you may understand more of
what I am trying to do if you saw the code. No need to send it if that is not
going to help.

As for encryption, I am NOT looking to encrypt. All I am trying to do is
Digitally sign an email with a Digital signature. My test app has this
completely working with CAPICOM and CDO I'm just missing some steps (I think)
when doing this with the 2.0 framework..

If you are unable to help me I will continue to work it myself..

Thanks
Jason
 
Jeffrey Tan[MSFT]

Hi Jason,

Thanks for your feedback!

Please see inline:

J> On my last thread with you (unrelated to this) I was asked to provide a code
J> example of my problem. Well, because I had already got half this app together
J> when I wrote the original signing test I thought you may understand more of
J> what I am trying to do if you saw the code. No need to send it if that is not
J> going to help.

Sorry, but can you be specific about what issue you are referring to? It
seems that I did not ask you for a project in this thread. Do you mean the
original DHTML editor control post? If so, I suggest you start a new thread,
and I will continue to work with you on that issue. Sorry for
misunderstanding you.

J> As for encryption, I am NOT looking to encrypt. All I am trying to do is
J> Digitally sign an email with a Digital signature. My test app has this
J> completely working with CAPICOM and CDO I'm just missing some steps (I think)
J> when doing this with the 2.0 framework..

I am not sure why my suggestion did not provide what you want. Based on my
experience, digital signing means giving the message (the email content in our
scenario) a one-way hash, then encrypting the resulting hash value with a
certain session key. The final result is called a MAC, which is sent with the
message content. So I provided the class for doing hashing in .NET and the
class for doing encryption in .NET. Is there any concept misunderstanding in
my suggestion? Please feel free to point it out and tell me what signing
process you want to get.

Thanks

Best regards,
Jeffrey Tan
Microsoft Online Community Support
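The post above describes signing as hashing the content and encrypting the hash with a session key. That construction is a MAC, and the difference from a digital signature is exactly why Outlook could never verify it: a MAC can only be checked by someone holding the same secret, while a signature is checked with the public key alone, which is what a mail client takes from the sender's certificate. The following VB.NET code is an added example, not code from the thread or from Microsoft; the message strings are constructed sample input. It assumes .NET Framework 4.6 or later for RSA.SignData with HashAlgorithmName; on .NET 2.0 the equivalent call is RSACryptoServiceProvider.SignData(data, "SHA1").

```vb
Imports System
Imports System.Text
Imports System.Security.Cryptography

Module MacVersusSignature
    ' MAC: verification recomputes the tag with the SAME secret, so anyone who can
    ' verify can also forge. That is why a MAC cannot serve as an e-mail signature.
    Public Function ComputeMac(ByVal key As Byte(), ByVal message As Byte()) As Byte()
        Using h As New HMACSHA256(key)
            Return h.ComputeHash(message)
        End Using
    End Function

    Public Function VerifyMac(ByVal key As Byte(), ByVal message As Byte(), ByVal tag As Byte()) As Boolean
        Dim expected As Byte() = ComputeMac(key, message)
        If expected.Length <> tag.Length Then Return False
        Dim diff As Integer = 0                        ' constant-time compare
        For i As Integer = 0 To expected.Length - 1
            diff = diff Or (expected(i) Xor tag(i))
        Next
        Return diff = 0
    End Function

    ' Signature: made with the private key, checked with only the public key,
    ' which is what travels inside the sender's X.509 certificate.
    Public Function SignRsa(ByVal privateKey As RSA, ByVal message As Byte()) As Byte()
        Return privateKey.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
    End Function

    Public Function VerifyRsa(ByVal publicKey As RSA, ByVal message As Byte(), ByVal signature As Byte()) As Boolean
        Return publicKey.VerifyData(message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
    End Function

    Sub Main()
        Dim message As Byte() = Encoding.ASCII.GetBytes("Hello Outlook")   ' constructed sample
        Dim tampered As Byte() = Encoding.ASCII.GetBytes("Hello 0utlook")

        ' --- MAC ---
        Dim macKey(31) As Byte                         ' 32-byte secret
        Using rng As New RNGCryptoServiceProvider()
            rng.GetBytes(macKey)
        End Using
        Dim tag As Byte() = ComputeMac(macKey, message)
        Console.WriteLine("MAC ok with shared key:   " & VerifyMac(macKey, message, tag))
        Console.WriteLine("MAC ok, tampered message: " & VerifyMac(macKey, tampered, tag))
        Dim otherKey(31) As Byte                       ' a recipient without the secret
        Console.WriteLine("MAC ok with wrong key:    " & VerifyMac(otherKey, message, tag))

        ' --- Signature ---
        Using signer As RSA = New RSACryptoServiceProvider(2048)
            Dim sig As Byte() = SignRsa(signer, message)
            ' Export only the public half, as a recipient would get it from the cert.
            Using verifier As RSA = New RSACryptoServiceProvider()
                verifier.ImportParameters(signer.ExportParameters(False))
                Console.WriteLine("Sig ok with public key:   " & VerifyRsa(verifier, message, sig))
                Console.WriteLine("Sig ok, tampered message: " & VerifyRsa(verifier, tampered, sig))
                Try
                    SignRsa(verifier, message)         ' public key only: cannot forge
                Catch ex As CryptographicException
                    Console.WriteLine("Public key cannot sign:   " & ex.GetType().Name)
                End Try
            End Using
        End Using
    End Sub
End Module
```

The two "tampered" lines both come back False, but only the signature line can be checked by a party that never shared a secret with the sender; the MAC check with otherKey fails not because the message is bad but because the verifier simply has no way to evaluate it.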
 
Guest

Jeffrey, we are getting our wires a little crossed here. I do not need help
with the DHTML editor I was building. I was trying to say that you had asked
for code examples in that case. So, for the signing effort I put some code
together to demonstrate what I had built with CAPICOM and what I was trying
to put together with the 2.0 Framework.

In reference to where you were sending me, I don't believe I need to use the
classes you reference because the SignedCms class appears to give me what I
need as far as signing is concerned. What I don't understand is how to put
the email message back together after I have the content signed..

I suspect I will just need to keep working it as I'm not sure you are
understanding my problem..

Jason
 
Jeffrey Tan[MSFT]

Hi Jason,

Thanks for your feedback!

Oh, yes, I understand your main concern now. Based on my experience, the
format of the email with the MAC result should be determined by the
receiver (Outlook in our case). That is, only when we know what digital signing
format Outlook expects can we form the email content as needed.
Do you agree with my understanding?

However, I am not familiar with this field. I am not sure what format
Outlook expects from digital signing. If you know the email format
Outlook expects to receive, please feel free to tell me, and I will help
you with the process of forming the correct email content. Thanks!

Best regards,
Jeffrey Tan
Microsoft Online Community Support
 
Jeffrey Tan[MSFT]

Hi Jason,

Based on my further research, does your "signing an email" mean forming an
S/MIME signature in .NET? If so, you may give the below sample code a try:
"S/MIME VB.NET Examples"
http://www.example-code.com/vbdotnet/smime.asp

The above sample code requires Chilkat .NET components to do the actual
work; you can download them from the link below:
http://www.example-code.com/vbdotnet/step1.asp

If you still have any concern, please feel free to feedback. Thanks!

Best regards,
Jeffrey Tan
Microsoft Online Community Support
 
Guest

Jeffrey,

Yes, S/MIME is what I am trying to do. I am trying to build this
functionality and not use a third-party control so I can add any custom code
I need.

If you have any examples (managed code only), regardless of the language, to
send S/MIME I would be very grateful. If not, I think you can close this
thread. Thanks
Jason

Thanks for your help.
 
Jeffrey Tan[MSFT]

Hi Jason,

Thanks for your feedback!

Yes, since I am not familiar with the Outlook S/MIME signature, I am
currently consulting and coworking with the Outlook experts.

Based on the Reflector decompilation result, the 3rd party Chilkat .NET
component internally implements all the work with unmanaged code. I am not
sure if there is any built-in support for S/MIME signatures in .NET.

I will try to get more confirmation and information regarding this and
reply to you ASAP. Thanks for your patience!

Best regards,
Jeffrey Tan
Microsoft Online Community Support
 
Guest

Thanks for your help Jeffrey, I very much appreciate it.

I have a test application I created that sends email in two ways, the first
using CAPICOM and CDO to sign and send and the other using all managed code.
On the managed side I can retrieve the message text about to be sent, sign it
and then I'm stuck. What I'm missing is putting the signed content back into
the mail to send it. So, I have to believe that it's possible using all
managed code...I'm just missing a few steps I think on how to build the mail
message with signed content..
 
Jeffrey Tan[MSFT]

Hi Jason,

Thanks for your feedback!

If I do not misunderstand you, I think you have managed to use managed code
to sign the email; the current problem is how to place it in the correct
email format that Outlook can recognize.

Can you show me some details regarding how you use managed code to do the
S/MIME digital signing? Based on the consultation feedback, there is no built-in
support for this in .NET:

Your choices are:
1. Use a third party component; there are plenty out there. I've not
evaluated any of them so I can't recommend one.
2. You can use COM Interop with CAPICOM to produce digitally
signed/encrypted e-mails from .NET.

Regarding the latter option, you have to write an S/MIME class that
implements the S/MIME and MIME RFCs. So it's the harder option, but means
you're free of third party dependencies and licensing; all you need is
CAPICOM.

Do you think option 2 is suitable for you? Please feel free to tell me,
thanks!

Best regards,
Jeffrey Tan
Microsoft Online Community Support
 
Guest

Jeffrey,

I already have a working version using CAPICOM but I have to use CDO to
sign the email and not System.Net.Mail, so I have not removed the
non-managed code that I wanted to...:( I guess I'll have to stick with that..

Here is the signing function that I put together..obviously does not work
but wanted to show you what I have so far:

'File-level imports the method needs (the post shows only the method):
Imports System.IO
Imports System.Net.Mail
Imports System.Net.Mime
Imports System.Security.Cryptography
Imports System.Security.Cryptography.Pkcs

'Members of the containing class that the method references but the post does
'not show (assumed declarations):
Private Const sClassName As String = "MailSigner"
Private moMailMsg As MailMessage

Public Sub SignMessage_Managed(ByVal oCert As X509Certificates.X509Certificate2)
    Const sFuncName As String = "SignMessage"

    Try
        Dim oSigner As New CmsSigner(oCert)           'Signer cert passed in as parameter
        Dim oContentStream As Stream                  'Stream for AlternateView components
        Dim oContentinfo As ContentInfo               'Content info from stream
        Dim oEncoder As New System.Text.ASCIIEncoding 'Encoder for the plain Body

        'Setting the sender info from the cert
        Dim sSender As String = oSigner.Certificate.GetNameInfo(X509Certificates.X509NameType.EmailName, False)
        moMailMsg.From = New MailAddress(sSender)
        moMailMsg.ReplyTo = New MailAddress(sSender)
        moMailMsg.Sender = New MailAddress(sSender)

        'If there is an alternate view (embedded images etc) we'll extract to
        'a stream and turn it into a ContentInfo object
        If moMailMsg.AlternateViews.Count > 0 Then
            Dim oAlternateView As AlternateView = moMailMsg.AlternateViews(0)
            oContentStream = oAlternateView.ContentStream

            'Copy the whole stream: Read may return fewer bytes than requested, and
            'Dim x(n) in VB allocates n+1 elements (n is the upper bound, not the length)
            Dim oBuffer As New MemoryStream()
            Dim oChunk(4095) As Byte
            Dim iRead As Integer = oContentStream.Read(oChunk, 0, oChunk.Length)
            Do While iRead > 0
                oBuffer.Write(oChunk, 0, iRead)
                iRead = oContentStream.Read(oChunk, 0, oChunk.Length)
            Loop
            oContentStream.Close()

            oContentinfo = New ContentInfo(oBuffer.ToArray())
        Else
            Dim oContentBytes As Byte() = oEncoder.GetBytes(moMailMsg.Body)

            oContentinfo = New ContentInfo(oContentBytes)
        End If

        'Signing the data
        Dim oSignedData As New SignedCms(oContentinfo)
        oSignedData.ComputeSignature(oSigner)

        'Encode() returns DER, i.e. arbitrary bytes. Decoding them through
        'ASCIIEncoding (as the first version did) turns every byte above 0x7F into '?'
        'and destroys the signature; a MIME body needs them base64-encoded.
        Dim oEncodedBytes As Byte() = oSignedData.Encode()
        Dim sSignedContent As String = Convert.ToBase64String(oEncodedBytes, Base64FormattingOptions.InsertLineBreaks)

        'Trying to rebuild the alternate view from the encoded data.
        'This is where it goes wrong: a text/html view that holds a base64 CMS blob
        'is not what a mail client recognises as S/MIME (that requires a
        'multipart/signed or application/pkcs7-mime entity).
        Dim oNewAlternateView As AlternateView = _
            AlternateView.CreateAlternateViewFromString(sSignedContent, _
            System.Text.Encoding.UTF8, MediaTypeNames.Text.Html)

        moMailMsg.AlternateViews.RemoveAt(0)            'Removing the existing alternate view
        moMailMsg.AlternateViews.Add(oNewAlternateView) 'Adding the signed version

    Catch ex As Exception
        ex.Source = sClassName & "::" & sFuncName
        Throw New Exception(ex.Message, ex) 'Keep the original as InnerException
    End Try
End Sub

Product Engineering provided me with a patched version of the CAPICOM dll a
few years ago when I first moved the code to .NET. I may raise this as an
issue through the same channels and see if we can get something working...

Thanks for your help Jeffrey..
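Eugene's point earlier in the thread, that SignedCms gives you the CMS blob but leaves the MIME packaging to you, is exactly the gap at the "This is where it goes wrong" line in Jason's method. What follows is an added example, not code from the thread, from Microsoft or from any of the posters, showing the two packagings that Outlook and other S/MIME clients accept: the clear-signed multipart/signed entity of RFC 5751 with a detached signature, and the opaque application/pkcs7-mime form, which fits System.Net.Mail because it is a single part. Assumptions: a certificate with a private key in the current user's store (FindSigningCert is a helper written here; jason@example.com, recipient@example.com and smtp.example.com are placeholders), a CSP that can do SHA-256 (on .NET 2.0 on Windows XP drop the DigestAlgorithm line and emit micalg=sha1), and that MailMessage with an empty Body and a single AlternateView writes that view as the top-level entity, which is observed behaviour rather than documented.

```vb
Imports System
Imports System.IO
Imports System.Net.Mail
Imports System.Net.Mime
Imports System.Text
Imports System.Security.Cryptography
Imports System.Security.Cryptography.Pkcs
Imports System.Security.Cryptography.X509Certificates

Module SmimeSigning
    Private ReadOnly Latin1 As Encoding = Encoding.GetEncoding(28591) ' byte-preserving text<->bytes

    ' RFC 5751 3.1.1: sign the canonical (CRLF) form. One bare LF that a relay
    ' later rewrites is enough for Outlook to report an invalid signature.
    Public Function Canonicalize(ByVal entity As String) As String
        Return entity.Replace(vbCrLf, vbLf).Replace(vbCr, vbLf).Replace(vbLf, vbCrLf)
    End Function

    Private Function NewSigner(ByVal cert As X509Certificate2) As CmsSigner
        Dim signer As New CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert)
        signer.IncludeOption = X509IncludeOption.WholeChain        ' ship the chain so the client can validate
        signer.DigestAlgorithm = New Oid("2.16.840.1.101.3.4.2.1") ' sha256; micalg below must match
        signer.SignedAttributes.Add(New Pkcs9SigningTime())
        Return signer
    End Function

    ' Clear-signed form: the inner entity stays readable and a detached
    ' SignedData travels beside it as application/pkcs7-signature (smime.p7s).
    Public Function BuildMultipartSigned(ByVal innerEntity As String, ByVal cert As X509Certificate2) As String
        Dim canonical As String = Canonicalize(innerEntity)
        Dim cms As New SignedCms(New ContentInfo(Latin1.GetBytes(canonical)), True) ' True = detached
        cms.ComputeSignature(NewSigner(cert), True)                                  ' True = silent, no PIN UI
        Dim boundary As String = "----=_Signed_" & Guid.NewGuid().ToString("N")
        Dim sb As New StringBuilder()
        sb.Append("Content-Type: multipart/signed; protocol=""application/pkcs7-signature"";").Append(vbCrLf)
        sb.Append(" micalg=sha-256; boundary=""").Append(boundary).Append("""").Append(vbCrLf).Append(vbCrLf)
        sb.Append("This is a cryptographically signed message in MIME format.").Append(vbCrLf).Append(vbCrLf)
        sb.Append("--").Append(boundary).Append(vbCrLf)
        ' RFC 2046: the CRLF before a boundary belongs to the boundary, so the bytes
        ' that were signed are exactly 'canonical'; the CRLF goes after it.
        sb.Append(canonical).Append(vbCrLf)
        sb.Append("--").Append(boundary).Append(vbCrLf)
        sb.Append("Content-Type: application/pkcs7-signature; name=""smime.p7s""").Append(vbCrLf)
        sb.Append("Content-Transfer-Encoding: base64").Append(vbCrLf)
        sb.Append("Content-Disposition: attachment; filename=""smime.p7s""").Append(vbCrLf).Append(vbCrLf)
        sb.Append(Convert.ToBase64String(cms.Encode(), Base64FormattingOptions.InsertLineBreaks)).Append(vbCrLf)
        sb.Append("--").Append(boundary).Append("--").Append(vbCrLf)
        Return sb.ToString()
    End Function

    ' Opaque form: the inner entity is embedded in the SignedData, so the result is a
    ' single part that System.Net.Mail can carry as one AlternateView. ASSUMPTION: a
    ' MailMessage with empty Body and exactly one view writes that view as the top-level entity.
    Public Function BuildOpaqueSignedView(ByVal innerEntity As String, ByVal cert As X509Certificate2) As AlternateView
        Dim cms As New SignedCms(New ContentInfo(Latin1.GetBytes(Canonicalize(innerEntity))), False)
        cms.ComputeSignature(NewSigner(cert), True)
        Dim ct As New ContentType("application/pkcs7-mime")
        ct.Parameters.Add("smime-type", "signed-data")
        ct.Name = "smime.p7m"
        Dim view As New AlternateView(New MemoryStream(cms.Encode()), ct)
        view.TransferEncoding = TransferEncoding.Base64 ' DER is binary; never push it through a text encoding
        Return view
    End Function

    ' Valid certificate with a private key whose e-mail matches From (Outlook checks that match).
    Public Function FindSigningCert(ByVal emailAddress As String) As X509Certificate2
        Dim store As New X509Store(StoreName.My, StoreLocation.CurrentUser)
        store.Open(OpenFlags.ReadOnly)
        Try
            For Each c As X509Certificate2 In store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, True)
                If c.HasPrivateKey AndAlso String.Equals(c.GetNameInfo(X509NameType.EmailName, False), emailAddress, StringComparison.OrdinalIgnoreCase) Then Return c
            Next
        Finally
            store.Close()
        End Try
        Throw New InvalidOperationException("No signing certificate for " & emailAddress)
    End Function

    Sub Main()
        Dim fromAddress As String = "jason@example.com"              ' placeholder
        Dim cert As X509Certificate2 = FindSigningCert(fromAddress)
        ' Inner entity (constructed sample): own headers, blank line, 7-bit body. Anything
        ' that is not 7-bit clean must be quoted-printable/base64 before signing.
        Dim inner As String = "Content-Type: text/plain; charset=us-ascii" & vbCrLf & _
                              "Content-Transfer-Encoding: 7bit" & vbCrLf & vbCrLf & _
                              "Hello from SignedCms." & vbCrLf

        ' Clear-signed: prepend From/To/Subject/MIME-Version and hand to a raw MIME/SMTP writer.
        Console.WriteLine(BuildMultipartSigned(inner, cert))

        ' Opaque-signed through System.Net.Mail; Body stays empty on purpose.
        Dim msg As New MailMessage(fromAddress, "recipient@example.com")  ' placeholder
        msg.Subject = "Opaque-signed test"
        msg.AlternateViews.Add(BuildOpaqueSignedView(inner, cert))
        Dim smtp As New SmtpClient("smtp.example.com")                  ' placeholder
        smtp.Send(msg)
    End Sub
End Module
```

Two things to check before trusting a green lock icon: the From header and the certificate's e-mail address must agree (Outlook flags a mismatch), and whatever is inside the signed entity must survive transport byte for byte, which is why the inner part is canonicalised and kept 7-bit before the signature is computed.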
 
Jeffrey Tan[MSFT]

Hi Jason,

Thanks for your demo code!

I am not sure if it is possible with the .NET mail classes; you might need
to send them to the CDO COM object to get this done. Anyway, I will
continue to work with other engineers to check the mail classes spec to
confirm whether there is native support for this in .NET 2.0. I will get back to
you ASAP. Thanks!

Best regards,
Jeffrey Tan
Microsoft Online Community Support
 
