0 votes
by (240 points)

Hi there,

CertificateFinder Error: cannot convert from "Rebex.Security.Certificates.Certificate" to "Rebex.Security.Certificates.CertificateChain"

The variable certificate is a byte[] variable which I get from keyVault.

I thought of something like this:

    private async Task Decrypt(MailMessage mailMessage, byte[] certificate)
    {
        if (mailMessage.IsEncrypted)
        {
            if (!mailMessage.CanDecrypt)
            {
                throw new ApplicationException("Message cannot be decrypted. Check the Decryption part");
            }
            Certificate cert = new Certificate(certificate);
            mailMessage.CertificateFinder = CertificateFinder.CreateFinder(cert);
            mailMessage.Decrypt();
        }
    }

Any suggestions?

1 Answer

0 votes
by (147k points)

Hi, the CreateFinder method expects an instance of CertificateChain. If you only have an instance of Certificate, convert it to a chain first:


    Certificate cert = new Certificate(certificate);
    CertificateChain chain = CertificateChain.BuildFrom(cert);
    mailMessage.CertificateFinder = CertificateFinder.CreateFinder(chain);
    mailMessage.Decrypt();

by (240 points)
Unfortunately this did not work. I tried to load the certificate locally to make sure everything with the certificate is fine & it worked.

But as soon as I try to fetch the certificate from keyVault the solution says "false" for !mailMessage.CanDecrypt

Edit: Sorry I also forgot to mention that the certificate owns a password.

Just one more question:
Till now I was working with EwsMessageInfo to get the information about the mails.
Now I want to work with encrypted emails also.

Is there any way to convert a MailMessage into the Type EwsMessageInfo?
Or is there any way to check for Encryption and Encrypting Mails over the datatype EwsMessageInfo?
by (147k points)
Unfortunately, support for encrypted messages in EWS protocol is not very good at all. To determine whether a message is encrypted (and/or signed) using S/MIME, use GetMessageInfo with EwsItemFields.AttachmentInfo, and check whether there is an attachment with a Content-Type of "application/pkcs7-mime" or "multipart/signed". Presence of such attachment indicates an S/MIME message. However, to learn anything more about the message, you would have to download it into an instance of MailMessage.
by (240 points)
Thank you for your answer.

Is there also a way to give a password for this part of the code?
Because I have an existing password for the certificate.

    Certificate cert = new Certificate(certificate);
    CertificateChain chain = CertificateChain.BuildFrom(cert);
    mailMessage.CertificateFinder = CertificateFinder.CreateFinder(chain);
    mailMessage.Decrypt();

by (147k points)
How is the certificate stored? Is it in a single encrypted .pfx or .p12 file, or in two files, one for the certificate, and another (encrypted) for the key? If it's in a single encrypted file, you can simply do this:
    CertificateChain chain = CertificateChain.LoadPfx(cert_data_or_path, password);
    mailMessage.CertificateFinder = CertificateFinder.CreateFinder(chain);
    mailMessage.Decrypt();
...
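
The storage question in the last answer can be checked on the byte[] itself before it is handed to the mail library. The following is an added example, not part of the original thread and not Rebex code: it uses only .NET base class library types, and the names KeyMaterialCheck and Describe, the sample certificate and the passwords are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class KeyMaterialCheck
{
    // Reports what a certificate blob contains, so that a missing private key
    // or a wrong password shows up before decryption is attempted.
    public static string Describe(byte[] data, string password)
    {
        X509ContentType kind = X509Certificate2.GetCertContentType(data);
        if (kind != X509ContentType.Pfx)
            return $"{kind}: not a PFX/PKCS#12 container, so no private key is included";
        try
        {
            // Newer .NET versions flag this constructor as obsolete; it still works.
            using var cert = new X509Certificate2(data, password);
            return cert.HasPrivateKey
                ? "Pfx: certificate with private key"
                : "Pfx: certificate only, private key missing";
        }
        catch (CryptographicException ex)
        {
            return "Pfx: could not be opened (wrong password or damaged data): " + ex.Message;
        }
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate, exported twice.
        using RSA rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=constructed-sample", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 sample = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));

        byte[] publicOnly = sample.Export(X509ContentType.Cert);   // certificate without key
        byte[] pfx = sample.Export(X509ContentType.Pfx, "constructed-password");

        Console.WriteLine(Describe(publicOnly, ""));
        Console.WriteLine(Describe(pfx, "constructed-password"));
        Console.WriteLine(Describe(pfx, "wrong-password"));
    }
}
```

A blob reported as public-only cannot decrypt an S/MIME message whatever password is supplied; in that case the private key has to come from wherever it is stored separately.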