0 votes
by (120 points)
edited

Hello, we are evaluating your component and have actually the following problem. After a Decrypt() call I still have no access to Body, Attachments etc. If I load the certificate manually before all works fine.

            MailMessage m = new MailMessage();
            m.Load(filestream);

/*
            Certificate certificate = Certificate.LoadPfx(@"xyz.pfx", "pwd");
            var ch = new CertificateChain();
            ch.Add(certificate);
            m.CertificateFinder = CertificateFinder.CreateFinder(ch);
*/

            if (m.IsEncrypted && m.CanDecrypt)
            {
                textBox1.Text += "Mail is encrypted and will be decrypted";
                textBox1.Text += "\r\n";
                m.Decrypt();
            }
            textBox1.Text += m.BodyText;

Without the remarked code above Im.CanDecrypt is true and I get no bodytext in the textbox. Setting the certificate manually from the file it works fine. Is there a possibility without needing the certificate file ?

Thanks in advance Norbert Kessler

Applies to: Rebex Secure Mail

1 Answer

0 votes
by (58.9k points)
edited

Hello, to be able to decrypt the MailMessage you definitely need the certificate and the private key which are both stored in the *.pfx file. Without the private key, you will not be able to decrypt the MailMessage.

However, if you save the loaded Certificate into the Certificate Store, the certificate will be automatically used to decrypt the MailMessage as can be seen in the following example:

        MailMessage m = new MailMessage();
        m.Load("mail.eml");

        Certificate certificate = Certificate.LoadPfx("certificate.pfx", "password");
        CertificateStore store = new CertificateStore(Rebex.Security.Certificates.CertificateStoreName.My);
        store.AddCertificate(certificate); // adds certificat into My Store

        /* the commented piece of code is no longer needed
        var ch = new CertificateChain();
        ch.Add(certificate);
        m.CertificateFinder = Rebex.Security.Cryptography.Pkcs.CertificateFinder.CreateFinder(ch);*/

        Console.WriteLine(m.IsEncrypted);
        Console.WriteLine(m.CanDecrypt);

        if (m.IsEncrypted && m.CanDecrypt)
        {
            Console.WriteLine("Mail is encrypted and will be decrypted");
            Console.WriteLine("\r\n");
            m.Decrypt();
        }
        Console.WriteLine(m.BodyText);
by (120 points)
edited

Hello, sorry, that doesn't solve my problem. Of course I know that I need a certificate to decrypt a encrypted message. The certificate was already in my certificate store but to be sure I added it again as you wrote. The property CanDecrypt is true but the decrypt() command results in a error "CSP needs to display UI to operate." if I don't load the PFX before.

Any idea how to get rid of the error ?

Thanks in advance Norbert

by (148k points)
edited

Please try adding the following line of code:

    m.Silent = false;

This will allow the Cryptographic Service Provider to display a dialog asking whether it's OK to use a private key for decryption. After it's confirmed, decryption should work.

The requirement to display the dialog is determined by a checkbox when importing the .pfx file - if you check the "Enable string private key protection" option, a user will be promped every time the certificate's private key is used by an application. To get rid of it, try importing the .pfx file again with the box unchecked.

by (148k points)
edited

And sorry for explaining the obvious - this part of Tomas's answer was mostly intended for other users experiencing a similar problem who might stumble upon your question one day and might not be familiar enough with asymmetric cryptography yet.

...