PowerTCP Mail for .NET can be used to sign and encrypt email messages using S/MIME.
An outgoing message is signed using the sender's private key. The MailMessage obtains that private key from a certificate (either provided by the caller or found in the system certificate store) and uses it in the message signing process. A mail agent that receives a signed message must have access to the sender's public key to verify the message signature. This public key is usually included with a signed message, so receiving a signed message is the first step in sharing a public key.
Typically, signing certificates are found in the "CURRENT USER / MY" (a.k.a. "Personal") store.
A signed message may be constructed in one of two ways: with a Detached signature method or a standard signing method.
The Detached signature method constructs the message and signature in a way that permits receiving agents to view the message, even if they are S/MIME unaware. A Detached signature message is a two-part MIME message. The first part contains the message in clear text, while the second part contains the message signature as a base64 encoded attachment.
On the other hand, a standard signed message consists of a single-part MIME message. This part is a base64 encoded attachment containing both the ASN.1-encoded message and the encoded message signature. Because of this base64 encoding the message text is no longer readable in the clear, which is why a detached signature message may be preferred over a standard signed message.
An outgoing message is encrypted using the recipient's public key. The MailMessage uses a certificate's public key (either provided by the caller or found in the system certificate store) to perform the message encryption. Only the holder of the recipient's private key can decrypt the message. Much like a standard signed message, an encrypted message is made up of a single-part MIME attachment. The attachment is a base64 encoded part that contains the ASN.1-encoded form of the message contents.
Typically, encrypting certificates are found in the "CURRENT USER / ADDRESSBOOK" (a.k.a. "Other People") store.
Not every certificate can be used for S/MIME message encoding/decoding. The certificate must have an email address in the certificate's subject field. The MailMessage object (as well as receiving mail agents) matches a message's "From" email address with a certificate to be used when signing/verifying the message. Likewise, the email addresses contained in the "To" message header field are used to locate a certificate for S/MIME message encryption/decryption.
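The certificate lookup and the two message forms described above, as an added example that is not PowerTCP's own code: it uses the standard .NET System.Security.Cryptography.Pkcs classes to select a certificate by the e-mail address in its subject from the "MY" or "ADDRESSBOOK" store, build a detached PKCS#7 signature, verify it, and encrypt for a recipient. The class and method names are assumptions for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Added example (not PowerTCP's own code); names are illustrative assumptions.
static class SmimeHelper
{
    // Locate a certificate by the e-mail address in its subject, the same rule the
    // text describes for matching the "From" (signing) and "To" (encryption) headers.
    // Signing: StoreName.My, needPrivateKey = true. Encryption: StoreName.AddressBook.
    public static X509Certificate2 FindByEmail(StoreName store, string email, bool needPrivateKey)
    {
        using var s = new X509Store(store, StoreLocation.CurrentUser);
        s.Open(OpenFlags.ReadOnly);
        // Compare the parsed e-mail name rather than a substring of the subject,
        // and skip expired certificates and (for signing) ones without a private key.
        return s.Certificates.Cast<X509Certificate2>().FirstOrDefault(c =>
            string.Equals(c.GetNameInfo(X509NameType.EmailName, false), email,
                          StringComparison.OrdinalIgnoreCase)
            && (!needPrivateKey || c.HasPrivateKey)
            && c.NotAfter > DateTime.Now);
    }

    // Detached signature: the clear-text body becomes the first MIME part and this
    // PKCS#7 blob is sent base64 encoded as the second part (typically smime.p7s).
    public static byte[] SignDetached(byte[] body, X509Certificate2 signer)
    {
        var cms = new SignedCms(new ContentInfo(body), detached: true);
        var cmsSigner = new CmsSigner(signer) { IncludeOption = X509IncludeOption.EndCertOnly };
        cms.ComputeSignature(cmsSigner);   // embeds the signer's public certificate
        return cms.Encode();
    }

    // Verify a detached signature using the certificate carried inside it.
    public static bool VerifyDetached(byte[] body, byte[] p7s)
    {
        var cms = new SignedCms(new ContentInfo(body), detached: true);
        cms.Decode(p7s);
        try { cms.CheckSignature(verifySignatureOnly: true); return true; }
        catch (CryptographicException) { return false; }
    }

    // Encrypt with the recipient's public key: a single base64 part (smime.p7m).
    public static byte[] Encrypt(byte[] body, X509Certificate2 recipient)
    {
        var env = new EnvelopedCms(new ContentInfo(body));
        env.Encrypt(new CmsRecipient(recipient));
        return env.Encode();
    }
}
```

Passing verifySignatureOnly: true checks only the cryptographic signature; pass false to also build and validate the signer's certificate chain before trusting the sender.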