MailMessage.CheckSignature Issue

australian.dev.nerds · January 28, 2023, 5:43am

Hello, wonder why MailMessage.CheckSignature is not X509Certificate2Collection and is array! Anyway, it seems to work for clear-signed email, but I’ve loaded a signed + encrypted email to see if both certificates are also saved and got exception on line: .CheckSignature()
CryptographicException: Invalid cryptographic message type.

The required certificates are all installed in My Store.
Since I just need to save the certificates (signing & encryption) of message and nothing else, should not use Decrypt as it will remove the encryption certificate (I guess), although using Decrypt before CheckSignature will cause no difference and still got the exception!

Sample project + sample eml to reproduce the issue:
WindowsApplication1.zip (29.8 KB)

dmitry.samodurov · January 28, 2023, 6:24am

We have opened the following new ticket(s) in our internal issue tracking system and will deliver their fixes according to the terms mentioned in Free Support Policies.

Issue ID(s): EMAILNET-40942

You can obtain Paid Support services if you need support on a priority basis, along with the direct access to our Paid Support management team.

australian.dev.nerds · January 28, 2023, 7:03am

Hello and good morning, just asking about the reply template, when mentioned will deliver their fixes means the bug is confirmed? or pending analysis?

Anyway a quick question: When looping through certificates of CheckSignature returned array, how to distinguish if the current certificate is signing or encryption certificate?
Thank you

dmitry.samodurov · January 28, 2023, 2:33pm

@australian.dev.nerds,

just asking about the reply template, when mentioned will deliver their fixes means the bug is confirmed? or pending analysis?

It depends on the issue. In this case, I reproduced the problem, but I didn’t dig deeper into its cause so as not to waste time. I created an investigation ticket to be further considered by the developer.

When looping through certificates of CheckSignature returned array, how to distinguish if the current certificate is signing or encryption certificate?

I forwarded this question to the developer as well.

Thank you.

australian.dev.nerds · January 28, 2023, 6:44pm

Thanks, please kindly attach this note if you don’t mind please:

How do you think about adding X509Certificate2Collection overload instead of the (not-a-perfect-choice) array for CheckSignature return type?

dmitry.samodurov · January 28, 2023, 10:19pm

@australian.dev.nerds,

I have added your request to the ticket. Thanks.

australian.dev.nerds · March 4, 2023, 2:23am

Hello, is this case yet fixed? Being able to extract the signing/encryption certs from email seems wise.

dmitry.samodurov · March 4, 2023, 10:10am

@australian.dev.nerds,

The ticket is still open, so the fix is not ready yet. Thanks.