S/MIME Security Features

Important: To send digitally signed email from ASP, or to decrypt an
encrypted email in ASP, you must be careful to avoid certain situations
that are described HERE, or your web server will hang.

Chilkat Mail makes it easy to send and receive secure emails. You can
send encrypted or digitally signed emails, or emails that are both
encrypted and signed. When ChilkatMail receives an email, it will
automatically try to decrypt all encrypted parts, and verify all
attached signatures. First we'll discuss sending secure emails, then
receiving them.

Sending Secure Email

Sending a secure email is easy. You simply need to tell ChilkatMail
that you want to send the email encrypted or signed, and you need to
have the appropriate certificate available for ChilkatMail to find.

There are two ChilkatEmail properties that determine what security is
applied to an email when sent: SendSigned and SendEncrypted. Both are
Boolean, and simply setting one or both of them to TRUE will cause the
email to be sent encrypted, signed, or both. Here is an example in
Visual Basic:

Set email = New ChilkatEmail
email.AddTo "John Smith", "jsmith@chilkatsoft.com"
email.Subject = "Hello! This is a test e-mail"
email.Body = "This is an email from Chilkat Software."
email.From = "admin@chilkatsoft.com"
' Set the following property to True to send the email with a digital signature
email.SendSigned = True
' Set the following property to True to send the email encrypted. Set both
' properties to true to send signed and encrypted.
email.SendEncrypted = True

Digital Certificates

Sending a Digitally Signed Email

To send a signed email you must have a certificate with a private key
where the certificate's subject contains the email address of the
sender. Since the public key is sent along with the digitally signed
email, any recipient can verify that the message contents haven't been
altered.

Which certificate on my system is used for signing an email?

Chilkat Mail looks for a certificate that has the sender's email
address in the certificate's subject in one of the following
certificate stores that are located in the Windows Registry, in this
order:
- The HKEY_LOCAL_MACHINE certificate store.
- The Chilkat certificate store, which is automatically created by
  ChilkatMail if it doesn't exist:
  HKEY_LOCAL_MACHINE/Software/Chilkat/SystemCertificates
- The Microsoft Outlook certificate store, which is where Outlook
  stores certificates associated with contacts in the Address Book:
  HKEY_CURRENT_USER/Software/Microsoft/SystemCertificates/AddressBook
- The HKEY_CURRENT_USER certificate store.

What if I don't have a certificate?

If you don't have a certificate, you can obtain one from a Certificate
Authority, or you can run the Microsoft Certificate Server on a Windows
NT/2000 server to provide certificates, although those won't be trusted
by the outside world. You can get a free certificate at
http://www.thawte.com. You can also purchase a certificate from
Verisign.

Sending an Encrypted Email

To send an encrypted email, you must have the recipient's public key
(i.e. his certificate). Only the recipient can decrypt the message,
because only the recipient has his certificate with the private key.

When sending encrypted email, you cannot send to more than one
recipient. This is because the message is encrypted using the
recipient's public key.

Which certificate on my system is used for encrypting an email?

Chilkat Mail looks for a certificate that has the recipient's email
address in the certificate's subject in one of the following
certificate stores that are stored in the Windows Registry, in this
order:
- The HKEY_LOCAL_MACHINE certificate store.
- The Chilkat certificate store, which is automatically created by
  ChilkatMail if it doesn't exist:
  HKEY_LOCAL_MACHINE/Software/Chilkat/SystemCertificates
- The Microsoft Outlook certificate store, which is where Outlook
  stores certificates associated with contacts in the Address Book:
  HKEY_CURRENT_USER/Software/Microsoft/SystemCertificates/AddressBook
- The HKEY_CURRENT_USER certificate store.

How Do I Get Someone Else's Certificate With Their Public Key?

You cannot send an encrypted email until you have the recipient's
certificate with their public key. You can get this in many ways, and
here are a few:
- If you are using ChilkatMail to receive email, simply have the other
  party send you a digitally signed email. ChilkatMail automatically
  saves any certificates received in signed emails to the Chilkat
  certificate store
  (HKEY_LOCAL_MACHINE/Software/Chilkat/SystemCertificates).
- If you are using Microsoft Outlook to receive email, simply have the
  other party send you a digitally signed email. Here are the
  instructions from Microsoft Outlook's Help:

    Add a digital ID to your contacts list

    1) Open a message that has a digital ID attached. To have the
       sender attach a digital ID to a message, ask him or her to send
       you a digitally signed e-mail message.
    2) Right-click the name in the From field, and then click Add to
       Contacts on the shortcut menu.
    3) If there is already an entry for this person on your contacts
       list, click Overwrite this address. The digital ID is now stored
       with your contact entry for this recipient. You can now send
       encrypted e-mail messages to this person.
    4) To view the certificates for a contact, double-click the
       person's name, and then click the Certificates tab.

- Have the other party export their certificate to a ".cer" file and
  send it to you. Double-click on the file and Windows should help
  install the certificate on the system. By default, it should be saved
  in the Current User Certificate Store, which is the 3rd place
  ChilkatMail looks for certificates.

Below, you can download my certificate which I obtained from
http://www.thawte.com. Once you get it, double click on it to see if
your system recognizes the file type and can install it. If you do
that, you can then send me encrypted emails. (Feel free to send one or
two for testing if you'd like.)

Certificate (.cer) file for fausey@chilkatsoft.com: certificate.zip

Receiving Secure Email

ChilkatMail automatically decrypts and verifies signatures attached to
an email, in part or whole. The email you receive from the CopyMail and
TransferMail methods is how the email would appear had security never
been applied. You can check an email's properties to see if security
features were present, and if the email was successfully
decrypted/verified.

ChilkatEmail Security Related Properties

- ReceivedSigned (Boolean) - TRUE if the email was received with a
  digital signature.
- ReceivedEncrypted (Boolean) - TRUE if the email was received
  encrypted.
- SignaturesValid (Boolean) - TRUE if all digital signatures were
  verified (meaning the email was not altered).
- Decrypted (Boolean) - TRUE if the email was successfully decrypted.
- SignedBy (String) - The details of the certificate used to sign the
  email.
- EncryptedBy (String) - The details of the certificate used to encrypt
  the email.
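
Because a received email is presented as if security had never been applied, the calling code has to inspect these properties itself before trusting the content. The function below is an added example, not Chilkat's own code: EvaluateReceivedEmail and expectedSigner are hypothetical names, and it assumes the SignedBy string contains the signer's email address.

```vb
' Added example: classify a received ChilkatEmail using only the
' security properties listed above. Requires a project reference to
' the ChilkatMail component. EvaluateReceivedEmail and expectedSigner
' are hypothetical names, not part of ChilkatMail.
Public Function EvaluateReceivedEmail(email As ChilkatEmail, _
                                      expectedSigner As String) As String
    ' Encrypted mail that could not be decrypted has no usable body.
    If email.ReceivedEncrypted And Not email.Decrypted Then
        EvaluateReceivedEmail = "REJECT: encrypted but not decrypted"
        Exit Function
    End If

    ' Once delivered, unsigned mail looks the same as verified mail,
    ' so a missing signature has to be detected explicitly.
    If Not email.ReceivedSigned Then
        EvaluateReceivedEmail = "UNTRUSTED: no digital signature"
        Exit Function
    End If

    ' A signature was present but did not verify: the content may
    ' have been altered.
    If Not email.SignaturesValid Then
        EvaluateReceivedEmail = "REJECT: signature verification failed"
        Exit Function
    End If

    ' SignaturesValid says the content is intact, not who signed it.
    ' Assumption: SignedBy includes the signer's email address.
    If InStr(1, email.SignedBy, expectedSigner, vbTextCompare) = 0 Then
        EvaluateReceivedEmail = "UNTRUSTED: signed by " & email.SignedBy
        Exit Function
    End If

    EvaluateReceivedEmail = "OK: signed by " & email.SignedBy
End Function
```

Call it with the address you expect to have signed the message, for example the value of the email's From property, and act on the body only when the result starts with "OK".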