public void Sign(MimeMessage message, PgpSecretKey key) { // digitally sign our message body using our custom GnuPG cryptography context using (var ctx = new MyGnuPGContext()) { message.Body = MultipartSigned.Create(ctx, key, DigestAlgorithm.Sha1, message.Body); } }
/* * Only signs the given MimeEntity */ private MultipartSigned SignEntity( Node entityNode, MimeEntity entity) { // Retrieving signature node to use for signing operation var signatureNode = entityNode ["signature"]; // Getting signature email as provided by caller var signatureAddress = GetSignatureMailboxAddress(signatureNode); // Figuring out signature Digest Algorithm to use for signature, defaulting to Sha256 var algo = signatureNode.GetChildValue("digest-algorithm", _context, DigestAlgorithm.Sha256); // Creating our Gnu Privacy Guard context using (var ctx = new GnuPrivacyContext()) { // Setting password to retrieve signing certificate from GnuPG context ctx.Password = signatureAddress.Item1; // Signing content of email and returning to caller return(MultipartSigned.Create( ctx, signatureAddress.Item2, algo, entity)); } }
public static bool SendSignedMessage(MimeMessage message) { bool IsMailSigned = false; // digitally sign our message body using our custom S/MIME cryptography context try { using (var ctx = new SecureMimeContext()) { var signer = new CmsSigner(P12Stream(), "<PWD>") { DigestAlgorithm = DigestAlgorithm.Sha1 }; message.Body = MultipartSigned.Create(ctx, signer, message.Body); } SendEmailByMailServer(message); IsMailSigned = true; } catch (Exception e) { Console.WriteLine(e.InnerException.ToString()); IsMailSigned = false; } return(IsMailSigned); }
public void TestPgpMimeSigning() { var self = new MailboxAddress("MimeKit UnitTests", "*****@*****.**"); var cleartext = new TextPart("plain"); cleartext.Text = "This is some cleartext that we'll end up signing..."; using (var ctx = new DummyOpenPgpContext()) { var multipart = MultipartSigned.Create(ctx, self, DigestAlgorithm.Sha1, cleartext); Assert.AreEqual(2, multipart.Count, "The multipart/signed has an unexpected number of children."); var protocol = multipart.ContentType.Parameters["protocol"]; Assert.AreEqual(ctx.SignatureProtocol, protocol, "The multipart/signed protocol does not match."); Assert.IsInstanceOfType(typeof(TextPart), multipart[0], "The first child is not a text part."); Assert.IsInstanceOfType(typeof(ApplicationPgpSignature), multipart[1], "The second child is not a detached signature."); var signatures = multipart.Verify(ctx); Assert.AreEqual(1, signatures.Count, "Verify returned an unexpected number of signatures."); foreach (var signature in signatures) { try { bool valid = signature.Verify(); Assert.IsTrue(valid, "Bad signature from {0}", signature.SignerCertificate.Email); } catch (DigitalSignatureVerifyException ex) { Assert.Fail("Failed to verify signature: {0}", ex); } } } }
/* * Only signs the given MimeEntity. */ MultipartSigned SignEntity(Node entityNode, MimeEntity entity) { // Retrieving signature node to use for signing operation. var signatureNode = entityNode ["sign"]; // Getting signature email as provided by caller. var signatureAddress = GetSignatureMailboxAddress(signatureNode); /* * Figuring out signature Digest Algorithm to use for signature, defaulting to SHA256. * SHA256 should be safe, since there are no known collision weaknesses in it. * Therefor we default to SHA256, unlesss caller explicitly tells us he wants to use another algorithm. */ var algo = signatureNode.GetChildValue("digest-algorithm", _context, DigestAlgorithm.Sha256); /* * Creating our PGP context, passing in password specified by caller. */ using (var ctx = _context.RaiseEvent( ".p5.crypto.pgp-keys.context.create", new Node("", false, new Node [] { new Node("password", signatureAddress.Item1), new Node("fingerprint", signatureNode ["fingerprint"]?.GetExChildValue <string> ("fingerprint", _context, null) ?? _context.RaiseEvent("p5.auth.pgp.get-fingerprint").Get <string> (_context)) })) .Get <OpenPgpContext> (_context)) { // Signing content of email and returning to caller. return(MultipartSigned.Create( ctx, signatureAddress.Item2, algo, entity)); } }
/* * tries to sign a MimeEntity */ public static MimeEntity SignEntity(MimeEntity entity, MailboxAddress signer) { using (WindowsSecureMimeContext ctx = new WindowsSecureMimeContext(sys.StoreLocation.CurrentUser)) { return(MultipartSigned.Create(ctx, signer, DigestAlgorithm.Sha1, entity)); } }
public void MultipartSign(MimeMessage message) { // digitally sign our message body using our custom S/MIME cryptography context using (var ctx = new MySecureMimeContext()) { // Note: this assumes that the Sender address has an S/MIME signing certificate // and private key with an X.509 Subject Email identifier that matches the // sender's email address. var sender = message.From.Mailboxes.FirstOrDefault(); message.Body = MultipartSigned.Create(ctx, sender, DigestAlgorithm.Sha1, message.Body); } }
public void MultipartSign(MimeMessage message, X509Certificate2 certificate) { // digitally sign our message body using our custom S/MIME cryptography context using (var ctx = new MySecureMimeContext()) { var signer = new CmsSigner(certificate) { DigestAlgorithm = DigestAlgorithm.Sha1 }; message.Body = MultipartSigned.Create(ctx, signer, message.Body); } }
public void TestMultipartSignedSignUsingKeys() { var body = new TextPart("plain") { Text = "This is some cleartext that we'll end up signing..." }; var self = new SecureMailboxAddress("MimeKit UnitTests", "*****@*****.**", "44CD48EEC90D8849961F36BA50DCD107AB0821A2"); PgpSecretKey signer; using (var ctx = new DummyOpenPgpContext()) { signer = ctx.GetSigningKey(self); foreach (DigestAlgorithm digest in Enum.GetValues(typeof(DigestAlgorithm))) { if (digest == DigestAlgorithm.None || digest == DigestAlgorithm.DoubleSha || digest == DigestAlgorithm.Tiger192 || digest == DigestAlgorithm.Haval5160 || digest == DigestAlgorithm.MD4) { continue; } var multipart = MultipartSigned.Create(signer, digest, body); Assert.AreEqual(2, multipart.Count, "The multipart/signed has an unexpected number of children."); var protocol = multipart.ContentType.Parameters["protocol"]; Assert.AreEqual("application/pgp-signature", protocol, "The multipart/signed protocol does not match."); var micalg = multipart.ContentType.Parameters["micalg"]; var algorithm = ctx.GetDigestAlgorithm(micalg); Assert.AreEqual(digest, algorithm, "The multipart/signed micalg does not match."); Assert.IsInstanceOf <TextPart> (multipart[0], "The first child is not a text part."); Assert.IsInstanceOf <ApplicationPgpSignature> (multipart[1], "The second child is not a detached signature."); var signatures = multipart.Verify(); Assert.AreEqual(1, signatures.Count, "Verify returned an unexpected number of signatures."); foreach (var signature in signatures) { try { bool valid = signature.Verify(); Assert.IsTrue(valid, "Bad signature from {0}", signature.SignerCertificate.Email); } catch (DigitalSignatureVerifyException ex) { Assert.Fail("Failed to verify signature: {0}", ex); } } } } }
/// <summary> /// Creates an S/MIME message using the supplied MimeBodyPart. The signature is generated using the private key /// as supplied in the constructor. Our certificate, which is required to verify the signature is enclosed. /// </summary> /// <param name="mimeBodyPart"></param> /// <param name="digestMethod"></param> /// <returns></returns> public MimeMessage CreateSignedMimeMessage(MimeMessage mimeBodyPart, SMimeDigestMethod digestMethod) { MimeMessage message = new MimeMessage(); using (var ctx = this.secContentFactory()) { // Algorithm lookup DigestAlgorithm algorithm; if (digestMethod.Equals(SMimeDigestMethod.Sha1)) { algorithm = DigestAlgorithm.Sha1; } else if (digestMethod.Equals(SMimeDigestMethod.Sha512)) { algorithm = DigestAlgorithm.Sha512; } else { throw new NotSupportedException($"Algorithm {digestMethod.GetAlgorithm()} not supported"); } // Signer identification var cmsSigner = new CmsSigner(this.ourCertificate, this.privateKey) { DigestAlgorithm = algorithm }; // Create and sign message message.Body = MultipartSigned.Create(ctx, cmsSigner, mimeBodyPart.Body); // Force signed content to be transferred in binary format MimePart xml = (MimePart)message.BodyParts.First(); xml.ContentTransferEncoding = ContentEncoding.Binary; } // Remove unused headers foreach (var header in message.Headers.Select(x => x.Id).ToList()) { if (header != HeaderId.MessageId && header != HeaderId.MimeVersion && header != HeaderId.ContentType) { message.Headers.Remove(header); } } return(message); }
public void TestSecureMimeSigning() { var self = new MailboxAddress("MimeKit UnitTests", "*****@*****.**"); var cleartext = new TextPart("plain"); cleartext.Text = "This is some cleartext that we'll end up signing..."; using (var ctx = CreateContext()) { var multipart = MultipartSigned.Create(ctx, self, DigestAlgorithm.Sha1, cleartext); Assert.AreEqual(2, multipart.Count, "The multipart/signed has an unexpected number of children."); var protocol = multipart.ContentType.Parameters["protocol"]; Assert.AreEqual(ctx.SignatureProtocol, protocol, "The multipart/signed protocol does not match."); Assert.IsInstanceOfType(typeof(TextPart), multipart[0], "The first child is not a text part."); Assert.IsInstanceOfType(typeof(ApplicationPkcs7Signature), multipart[1], "The second child is not a detached signature."); var signatures = multipart.Verify(ctx); Assert.AreEqual(1, signatures.Count, "Verify returned an unexpected number of signatures."); foreach (var signature in signatures) { try { bool valid = signature.Verify(); Assert.IsTrue(valid, "Bad signature from {0}", signature.SignerCertificate.Email); } catch (DigitalSignatureVerifyException ex) { Assert.Fail("Failed to verify signature: {0}", ex); } var algorithms = ((SecureMimeDigitalSignature)signature).EncryptionAlgorithms; Assert.AreEqual(EncryptionAlgorithm.Camellia256, algorithms[0], "Expected Camellia-256 capability"); Assert.AreEqual(EncryptionAlgorithm.Aes256, algorithms[1], "Expected AES-256 capability"); Assert.AreEqual(EncryptionAlgorithm.Camellia192, algorithms[2], "Expected Camellia-192 capability"); Assert.AreEqual(EncryptionAlgorithm.Aes192, algorithms[3], "Expected AES-192 capability"); Assert.AreEqual(EncryptionAlgorithm.Camellia128, algorithms[4], "Expected Camellia-128 capability"); Assert.AreEqual(EncryptionAlgorithm.Aes128, algorithms[5], "Expected AES-128 capability"); Assert.AreEqual(EncryptionAlgorithm.Idea, algorithms[6], "Expected IDEA capability"); Assert.AreEqual(EncryptionAlgorithm.Cast5, algorithms[7], "Expected Cast5 capability"); Assert.AreEqual(EncryptionAlgorithm.TripleDes, algorithms[8], "Expected Triple-DES capability"); //Assert.AreEqual (EncryptionAlgorithm.RC2128, algorithms[9], "Expected RC2-128 capability"); //Assert.AreEqual (EncryptionAlgorithm.RC264, algorithms[10], "Expected RC2-64 capability"); //Assert.AreEqual (EncryptionAlgorithm.Des, algorithms[11], "Expected DES capability"); //Assert.AreEqual (EncryptionAlgorithm.RC240, algorithms[12], "Expected RC2-40 capability"); } } }
public void Sign(MimeMessage message) { // digitally sign our message body using our custom GnuPG cryptography context using (var ctx = new MyGnuPGContext()) { // Note: this assumes that the Sender address has an S/MIME signing certificate // and private key with an X.509 Subject Email identifier that matches the // sender's email address. // // If this is not the case, you can use a SecureMailboxAddress instead of a // normal MailboxAddress which would allow you to specify the fingerprint // of the sender's private PGP key. You could also choose to use one of the // Create() overloads that take a PgpSecretKey, instead. var sender = message.From.Mailboxes.FirstOrDefault(); message.Body = MultipartSigned.Create(ctx, sender, DigestAlgorithm.Sha1, message.Body); } }
/* * returns true if email address can sign email */ public static bool CanSign(string email) { try { MailboxAddress signer = new MailboxAddress("", email); TextPart entity = new TextPart("text"); using (WindowsSecureMimeContext ctx = new WindowsSecureMimeContext(sys.StoreLocation.CurrentUser)) { MultipartSigned.Create(ctx, signer, DigestAlgorithm.Sha1, entity); return(true); } } catch { return(false); } }
/* * Cryptographically signs an entity. */ static MultipartSigned Sign( MimeEntity entity, string armoredPrivateKey, string keyPassword) { var algo = DigestAlgorithm.Sha256; using (var ctx = new CreatePgpMimeContext { Password = keyPassword }) { return(MultipartSigned.Create( ctx, PgpHelpers.GetSecretKeyFromAsciiArmored(armoredPrivateKey), algo, entity)); } }