CertificateFinder Error

Question

Hi there,

CertificateFinder Error cannot convert from "Rebex Security.Certificates.Certificate" to "Rebex.Security.Certicates.CertificateChain"

the variable certificate is a byte[] variable which I get from keyVault

I tought of something like this:

private async Task Decrypt(MailMessage mailMessage, byte[] certificate)
    {
        if (mailMessage.IsEncrypted)
        {
            if (!mailMessage.CanDecrypt)
            {
                throw new ApplicationException("Message cannot be decrypted. Check the Decryption part");
            }
            Certificate cert = new Certificate(certificate);
            mailMessage.CertificateFinder = CertificateFinder.CreateFinder(cert);
            mailMessage.Decrypt();
        }
    }

Any suggestions?

Answer 1

Hi, the CreateFinder method expects an instance of CertificateChain. If you only have an instance of Certificate, convert it to a chain first:

Certificate cert = new Certificate(certificate);
CertificateChain chain = CertificateChain.BuildFrom(cert);
mailMessage.CertificateFinder = CertificateFinder.CreateFinder(chain);
mailMessage.Decrypt();

Comments

Unfortunately this did not work. I tried to load to certificate locally to make sure everything with the certificate is fine & it worked.

But as soon i try to fetch the certificate from keyVault the solution says "false" for !mailMessage.CanDecrypt

Edit: Sorry I also forgot to mention that the certificate owns a password.

Just one more question:
Till now i was working with EwsMessageInfo to get the informations about the Mails.
Now i want to work with Encrypted Emails also.

Is there any way to convert a MailMessage into the Type EwsMessageInfo?
Or is there any way to check for Encryption and Encrypting Mails over the datatype EwsMessageInfo?

---

Unfortunately, support for encrypted messages in EWS protocol is not very good at all. To determine whether a message is encrypted (and/or signed) using S/MIME, use GetMessageInfo with EwsItemFields.AttachmentInfo, and check whether there is an attachment with a Content-Type of "application/pkcs7-mime" or "multipart/signed". Presence of such attachment indicates an S/MIME message. However, to learn anything more about the message, you would have to download it into an instance of MailMessage.

---

Thank you for you answer.

is there also a way to give a password for this part of the code?
Because I have an existing password for the certificate

Certificate cert = new Certificate(certificate);
CertificateChain chain = CertificateChain.BuildFrom(cert);
mailMessage.CertificateFinder = CertificateFinder.CreateFinder(chain);
mailMessage.Decrypt();

---

How is the certificate stored? Is it in a single encrypted .pfx or .p12 file, or in two files, one for the certificate, and another (encrypted) for the key? If it's in a single encrypted file, you can simply do this:
    CertificateChain chain = CertificateChain.LoadPfx(cert_data_or_path, password);
    mailMessage.CertificateFinder = CertificateFinder.CreateFinder(chain);
    mailMessage.Decrypt();