Decrypting Message

0 votes
asked Sep 3, 2012 by Norbert Kessler (120 points)
edited Sep 11, 2012

Hello, we are evaluating your component and currently have the following problem. After a Decrypt() call I still have no access to Body, Attachments etc. If I load the certificate manually beforehand, everything works fine.

            MailMessage m = new MailMessage();
            m.Load(filestream);

/*
            Certificate certificate = Certificate.LoadPfx(@"xyz.pfx", "pwd");
            var ch = new CertificateChain();
            ch.Add(certificate);
            m.CertificateFinder = CertificateFinder.CreateFinder(ch);
*/

            if (m.IsEncrypted && m.CanDecrypt)
            {
                textBox1.Text += "Mail is encrypted and will be decrypted";
                textBox1.Text += "\r\n";
                m.Decrypt();
            }
            textBox1.Text += m.BodyText;

Without the commented-out code above, m.CanDecrypt is true and I get no body text in the textbox. When I set the certificate manually from the file, it works fine. Is there a way to do this without needing the certificate file?

Thanks in advance Norbert Kessler

Applies to: Rebex Secure Mail

1 Answer

0 votes
answered Sep 4, 2012 by Tomas Knopp (58,890 points)
edited Sep 11, 2012

Hello, to be able to decrypt the MailMessage you definitely need the certificate and the private key which are both stored in the *.pfx file. Without the private key, you will not be able to decrypt the MailMessage.

However, if you save the loaded Certificate into the Certificate Store, the certificate will be automatically used to decrypt the MailMessage as can be seen in the following example:

        MailMessage m = new MailMessage();
        m.Load("mail.eml");

        Certificate certificate = Certificate.LoadPfx("certificate.pfx", "password");
        CertificateStore store = new CertificateStore(Rebex.Security.Certificates.CertificateStoreName.My);
        store.AddCertificate(certificate); // adds the certificate to the My store

        /* the commented piece of code is no longer needed
        var ch = new CertificateChain();
        ch.Add(certificate);
        m.CertificateFinder = Rebex.Security.Cryptography.Pkcs.CertificateFinder.CreateFinder(ch);*/

        Console.WriteLine(m.IsEncrypted);
        Console.WriteLine(m.CanDecrypt);

        if (m.IsEncrypted && m.CanDecrypt)
        {
            Console.WriteLine("Mail is encrypted and will be decrypted");
            Console.WriteLine("\r\n");
            m.Decrypt();
        }
        Console.WriteLine(m.BodyText);

commented Sep 10, 2012 by Norbert Kessler (120 points)
edited Sep 10, 2012

Hello, sorry, that doesn't solve my problem. Of course I know that I need a certificate to decrypt an encrypted message. The certificate was already in my certificate store, but to be sure I added it again as you wrote. The property CanDecrypt is true, but the Decrypt() command results in an error "CSP needs to display UI to operate." if I don't load the PFX before.

Any idea how to get rid of the error ?

Thanks in advance Norbert

commented Sep 11, 2012 by Lukas Pokorny (121,750 points)
edited Sep 11, 2012

Please try adding the following line of code:

    m.Silent = false;

This will allow the Cryptographic Service Provider to display a dialog asking whether it's OK to use a private key for decryption. After it's confirmed, decryption should work.

The requirement to display the dialog is determined by a checkbox when importing the .pfx file - if you check the "Enable strong private key protection" option, a user will be prompted every time the certificate's private key is used by an application. To get rid of it, try importing the .pfx file again with the box unchecked.

commented Sep 11, 2012 by Lukas Pokorny (121,750 points)
edited Sep 11, 2012

And sorry for explaining the obvious - this part of Tomas's answer was mostly intended for other users experiencing a similar problem who might stumble upon your question one day and might not be familiar enough with asymmetric cryptography yet.
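The two working options from this thread (an explicit .pfx-based finder, or the store key with the CSP prompt allowed) combined into one helper, as an added example that is not code from the thread's participants or from Rebex. The class and method names are hypothetical, the `Rebex.Mail` namespace for `MailMessage` is assumed, and all Rebex calls are the ones shown in the posts above; `Environment.UserInteractive` is standard .NET.

```csharp
using System;
using Rebex.Mail;                          // assumed namespace of MailMessage
using Rebex.Security.Certificates;
using Rebex.Security.Cryptography.Pkcs;

static class SmimeDecryptExample            // hypothetical helper class
{
    // Returns the decrypted body text.
    // pfxPath == null: use the private key from the certificate store.
    // pfxPath != null: use the key from that .pfx file (no CSP dialog involved).
    public static string DecryptBody(string emlPath, string pfxPath, string pfxPassword)
    {
        var m = new MailMessage();
        m.Load(emlPath);

        if (!m.IsEncrypted)
            return m.BodyText;

        if (pfxPath != null)
        {
            // Explicit key material, as in the question's commented-out block.
            // Suitable for services, which have no desktop to show a prompt on.
            Certificate certificate = Certificate.LoadPfx(pfxPath, pfxPassword);
            var chain = new CertificateChain();
            chain.Add(certificate);
            m.CertificateFinder = CertificateFinder.CreateFinder(chain);
        }
        else
        {
            // Store key: a key imported with strong private key protection
            // needs the CSP dialog, so allow UI only when a user is present.
            m.Silent = !Environment.UserInteractive;
        }

        // CanDecrypt == true does not guarantee success: in this thread it was
        // true while Decrypt() still failed with
        // "CSP needs to display UI to operate."
        if (!m.CanDecrypt)
            throw new InvalidOperationException("No usable decryption certificate found.");

        m.Decrypt();
        return m.BodyText;
    }
}
```

In a non-interactive process the store branch keeps `Silent` at `true`, so a key imported with strong protection still fails there; pass the .pfx explicitly or re-import the key without that option, as described above.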

...