Sending Encrypted E-Mails in C#

  • Article

So I was faced with the problem of sending an encrypted email to a group of people.  Not really thinking, I responded with sure we can do that no problem. Getting back to my desk I started working on the project to find out that it turns out to be more difficult then I had thought.

Doing some internet searches, I found several commercial products that allow you to encrypt emails.  I also found several discussions where people got close to what they were after, most were just after digital signatures without attachments.  Nothing close to a full package.

After a few hours worth of digging I finally was able to come up with a solution that met my needs, multiple addressees and multiple attachments.  Below is the code, note that you need to add a reference to System.Security in your Visual Studio Project to compile this code.

 

 using System;

 using System.Text;

 using System.Net.Mail;

 using System.IO;

 using System.Security.Cryptography.Pkcs;

 using System.Security.Cryptography.X509Certificates;

  

 namespace CommonUtilities

 {

     //requires reference to System.Security

     class EmailUtil

     {

         public static void SendEncryptedEmail(string[] to, string from, string subject, string body, string[] attachments)

         {

             MailMessage message = new MailMessage();

             message.From = new MailAddress(from);

             message.Subject = subject;

  

             if (attachments != null && attachments.Length > 0)

             {

                 StringBuilder buffer = new StringBuilder();

                 buffer.Append("MIME-Version: 1.0\r\n");

                 buffer.Append("Content-Type: multipart/mixed; boundary=unique-boundary-1\r\n");

                 buffer.Append("\r\n");

                 buffer.Append("This is a multi-part message in MIME format.\r\n");

                 buffer.Append("--unique-boundary-1\r\n");

                 buffer.Append("Content-Type: text/plain\r\n");  //could use text/html as well here if you want a html message

                 buffer.Append("Content-Transfer-Encoding: 7Bit\r\n\r\n");

                 buffer.Append(body);

                 if (!body.EndsWith("\r\n"))

                     buffer.Append("\r\n");

                 buffer.Append("\r\n\r\n");

  

                 foreach (string filename in attachments)

                 {

                     FileInfo fileInfo = new FileInfo(filename);

                     buffer.Append("--unique-boundary-1\r\n");

                     buffer.Append("Content-Type: application/octet-stream; file=" + fileInfo.Name + "\r\n");

                     buffer.Append("Content-Transfer-Encoding: base64\r\n");

                     buffer.Append("Content-Disposition: attachment; filename=" + fileInfo.Name + "\r\n");

                     buffer.Append("\r\n");

                     byte[] binaryData = File.ReadAllBytes(filename);

  

                     string base64Value = Convert.ToBase64String(binaryData, 0, binaryData.Length);

                     int position = 0;

                     while (position < base64Value.Length)

                     {

                         int chunkSize = 100;

                         if (base64Value.Length - (position + chunkSize) < 0)

                             chunkSize = base64Value.Length - position;

                         buffer.Append(base64Value.Substring(position, chunkSize));

                         buffer.Append("\r\n");

                         position += chunkSize;

                     }

                     buffer.Append("\r\n");

                 }

  

                 body = buffer.ToString();

             }

             else

             {

                 body = "Content-Type: text/plain\r\nContent-Transfer-Encoding: 7Bit\r\n\r\n" + body;

             }

  

             byte[] messageData = Encoding.ASCII.GetBytes(body);

             ContentInfo content = new ContentInfo(messageData);

             EnvelopedCms envelopedCms = new EnvelopedCms(content);

             CmsRecipientCollection toCollection = new CmsRecipientCollection();

             foreach (string address in to)

             {

                 message.To.Add(new MailAddress(address));

                 X509Certificate2 certificate = null; //Need to load from store or from file the client's cert

                 CmsRecipient recipient = new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, certificate);

                 toCollection.Add(recipient);

             }

  

             envelopedCms.Encrypt(toCollection);

             byte[] encryptedBytes = envelopedCms.Encode();

  

             //add digital signature:

             SignedCms signedCms = new SignedCms(new ContentInfo(encryptedBytes));

             X509Certificate2 signerCertificate = null; //Need to load from store or from file the signer's cert

             CmsSigner signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, signerCertificate);

             signedCms.ComputeSignature(signer);

             encryptedBytes = signedCms.Encode();

             //end digital signature section

  

             MemoryStream stream = new MemoryStream(encryptedBytes);

             AlternateView view = new AlternateView(stream, "application/pkcs7-mime; smime-type=signed-data;name=smime.p7m");

             message.AlternateViews.Add(view);

  

             SmtpClient client = new SmtpClient("your.smtp.mailhost");

             //add authentication info if required by your smtp server etc...

             //client.Credentials = CredentialCache.DefaultCredentials;

             client.Send(message);

         }

     }

 }

  

This should get you pretty much everything you need. The only thing left is to load the certificates from somewhere.  I used a function to load them from the current users certificate store on the machine.  I have a previous blog posting on how to load the certificates from the store.  The trick comes in to fetching the certificates for unknown parties etc.