Cannot sign email

0 votes
asked Feb 3, 2014 by NoelAramis (190 points)
edited Feb 4, 2014

Hello, I've used the code provided on the S/Mime Tutorial page, but when I tried running the code, it gives me the following exception:

The signer's certificate is not intended for signing data.
A first chance exception of type 'System.Security.Cryptography.CryptographicException' occurred in Rebex.Common.dll
   at Rebex.Security.Cryptography.Pkcs.SignerInfo.Sign(SignatureOptions options)
   at Rebex.Security.Cryptography.Pkcs.SignedData.Sign(SignatureOptions options)
   at Rebex.Mime.MimeEntity.Sign()
   at Rebex.Mail.MailMessage.Sign(SignatureHashAlgorithm algorithm, MailSignatureStyle style, Certificate[] signers)
   at Rebex.Mail.MailMessage.Sign(Certificate[] signers)

Here is the code:

        // load the certificates
        Rebex.Security.Certificates.Certificate signer = Rebex.Security.Certificates.Certificate.LoadPfx(@"c:\Users\a\Desktop\senderCert.pfx", "a");
        Rebex.Security.Certificates.Certificate recipient = Rebex.Security.Certificates.Certificate.LoadPfx(@"c:\Users\a\Desktop\receiverCert.pfx", "b");

        // create an instance of MailMessage
        Rebex.Mail.MailMessage message = new Rebex.Mail.MailMessage();

        // set its properties to desired values
        message.From = "something@gmail.com";
        message.To = "something@gmail.com";
        message.Subject = "This is a simple message";
        message.BodyText = "Hello, Joe!";
        message.BodyHtml = "Hello, <b>Joe</b>!";

        message.Sign(signer);

The certificates I have are self-signed, and I've used them for email encryption/decryption and it worked just fine. I also added them to the Certificate Store and they're valid, and it doesn't seem to help.

Applies to: Rebex Secure Mail

1 Answer

0 votes
answered Feb 3, 2014 by NoelAramis (190 points)
edited Feb 4, 2014
 
Best answer

Ah, I already found the solution. It seems like when I was creating the certificate, I should've set the ExtendedKeyUsage's KeyPurposeID to AnyExtendedKeyUsage. That way, the certificate was meant for any purpose, including signing, and not just authentication like it was set beforehand.

commented Feb 4, 2014 by Tomas Knopp (58,890 points)
edited Feb 4, 2014

Hello, this makes sense. Thank you for your question and response.

...