0 votes
by (210 points)

Is there a way to check if the signing certificate of a Mime Message is derived from a particular root certificate? I would like to do this right after I have verified the signature style and before I start processing the message.

if (_mimeMimeMessage.Kind != MimeEntityKind.Signed || _mimeMimeMessage.SignatureStyle != MimeSignatureStyle.Detached)
   throw new Exception("Message is not signed with a detached signature");

// TODO: check against the correct root certificate

SignatureValidationResult validationResult = _mimeMimeMessage.ValidateSignature(false, ValidationOptions.IgnoreWrongUsage);
if (!validationResult.Valid) ....
Applies to: Rebex Secure Mail

1 Answer

0 votes
by (144k points)

A MIME message can have multiple signers and information about them is available in MimeMessage/MimeEntity's SignedContentInfo.SignerInfos collection. Each signer has an associated certificate chain which should contain the root certificate.

For example, to get the root certificate of the first signer, use the following code:

Certificate rootCertificate = _mimeMimeMessage.SignedContentInfo.SignerInfos[0].CertificateChain.RootCertificate;

Please note that CertificateChain might be null if the certificates were not embedded in the message and not present in local certificate stores. Also, the chain might be incomplete, which would result in RootCertificate being null. I have not included checks for these conditions in the sample code above for simplicity.
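
The check described in this answer, extended to every signer and to the two null cases it mentions, as an added example that is not part of the original answer or of Rebex's own samples. `SignerRootCheck`, `RequireRoot` and `trustedRoot` are hypothetical names; the code assumes `Certificate.GetRawCertData()` returns the DER encoding and compares whole certificates rather than subject names, since a name alone can be copied into an unrelated certificate.

```csharp
using System;
using System.Linq;
using Rebex.Mime;
using Rebex.Security.Certificates;
using Rebex.Security.Cryptography.Pkcs;

static class SignerRootCheck
{
    // Hypothetical helper (not a Rebex API): throws unless every signer's chain
    // ends in trustedRoot and the signature itself validates.
    public static void RequireRoot(MimeMessage message, Certificate trustedRoot)
    {
        if (message.Kind != MimeEntityKind.Signed ||
            message.SignatureStyle != MimeSignatureStyle.Detached)
            throw new InvalidOperationException("Message is not signed with a detached signature.");

        var signers = message.SignedContentInfo.SignerInfos;
        if (signers.Count == 0)
            throw new InvalidOperationException("Message has no signers.");

        // Assumption: GetRawCertData() yields the certificate's DER bytes.
        byte[] expected = trustedRoot.GetRawCertData();

        for (int i = 0; i < signers.Count; i++)
        {
            // Null when certificates were neither embedded nor found in local stores.
            var chain = signers[i].CertificateChain;
            if (chain == null)
                throw new InvalidOperationException("Signer " + i + ": no certificate chain available.");

            // Null when the chain is incomplete.
            Certificate root = chain.RootCertificate;
            if (root == null)
                throw new InvalidOperationException("Signer " + i + ": chain is incomplete, no root.");

            if (!root.GetRawCertData().SequenceEqual(expected))
                throw new InvalidOperationException("Signer " + i + ": chain ends in an unexpected root.");
        }

        // The root comparison only identifies the chain's anchor; the signature
        // and chain must still be validated before the content is trusted.
        SignatureValidationResult result =
            message.ValidateSignature(false, ValidationOptions.IgnoreWrongUsage);
        if (!result.Valid)
            throw new InvalidOperationException("Signature validation failed.");
    }
}
```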