Sending an Email that is Both Signed and Encrypted

Creating an S/MIME encrypted and signed email with Chilkat follows a consistent logic across all programming languages (C#, Python, VB.NET, C++, etc.). The Chilkat API maintains the same class and method names, changing only slightly to fit the syntax of the specific language (e.g., email.SendSigned = True in Python vs email.put_SendSigned(true) in C++).

1. The Core Concept

To send a secure email, you need two distinct certificates:

  • Your Certificate (Sender): Used to Sign the email. This requires your Private Key.
  • Their Certificate (Recipient): Used to Encrypt the email. This requires only their Public Key.

2. The Role of Each Certificate

The Sender's Certificate (Signing)

  • Purpose: Proves that you sent the message and that it hasn't been altered.
  • Why the Private Key? Signing works by creating a mathematical "hash" of your email content and encrypting that hash with your Private Key. Because you are the only person who possesses your private key, this acts as a unique digital signature.
  • Verification: The recipient uses your Public Key (attached to the email) to decrypt the signature and recover the hash. If that hash matches a fresh hash of the received content, they know the message came from you and was not altered in transit.

The Recipient's Certificate (Encryption)

  • Purpose: Ensures that only the intended recipient can read the message.
  • Why the Certificate Only (Public Key)? Encryption works by using the recipient's Public Key to "lock" (encrypt) the message. You do not need their private secret to lock the box; you only need their public lock.
  • Decryption: Once encrypted, the message can only be "unlocked" (decrypted) by the recipient using their corresponding Private Key.

3. Step-by-Step Implementation

Here is the general workflow using Chilkat methods.

Step A: Load the Sender's Certificate (for Signing)

You must load a certificate that contains a private key. This is typically a .pfx or .p12 file, or a certificate explicitly loaded from the Windows Certificate Store with access to the private key.

  • Class: Cert
  • Method: LoadPfxFile("myCert.pfx", "pfx_password")
    • Note: If the private key is not present, HasPrivateKey() will return false and signing will fail, so check it after loading rather than at send time.

Step B: Load the Recipient's Certificate (for Encryption)

You load the recipient's certificate, often provided as a .cer or .crt file. This file contains only public information.

  • Class: Cert
  • Method: LoadFromFile("recipient.cer")

Step C: Create and Configure the Email

You use the Email object to compose the message and tell Chilkat to apply security.

  • Class: Email
  • Method 1 (Apply Signer): SetSigningCert(senderCertObject)
    • Tell the email object which certificate acts as the signer.
  • Method 2 (Enable Signing): SendSigned = True
    • This property acts as a switch. If set to True, Chilkat will attempt to sign the email using the cert specified in Method 1.
  • Method 3 (Apply Encryption): SetEncryptCert(recipientCertObject)
    • Tell the email object which certificate should be used to encrypt the email for the specific recipient.
  • Method 4 (Enable Encryption): SendEncrypted = True
    • This switch tells Chilkat to encrypt the message body and attachments.

Step D: Send the Email

The actual signing and encryption happen internally when the MailMan class renders the email into MIME format during the sending process.

  • Class: MailMan
  • Method: SendEmail(emailObject)
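An added check on the output of Step D, not part of the Chilkat documentation or its API: Python standard-library code that parses a rendered MIME message and reports its outer S/MIME layer (application/pkcs7-mime with smime-type=enveloped-data for an encrypted message, multipart/signed with protocol application/pkcs7-signature for a detached signature) and whether the body text is still readable. When a message is signed and then encrypted, the usual S/MIME layering, only the envelope is visible from outside and the signature sits inside it, so the outer type alone tells you the recipient's certificate was applied. The three sample messages are constructed for this example; their base64 bodies are placeholders, not real PKCS#7 data. S/MIME protects the MIME body only: Subject, From and To remain readable in all three cases, which the check reports as well.

```python
"""Classify the S/MIME layering of a rendered MIME message.

Added example using only Python's standard library; it is not Chilkat code.
It answers two questions a sender should ask about what actually left the
client: is the outer layer an encrypted envelope, and is the body text
still readable by a relay?
"""
from email import message_from_string
from email.message import Message

# Constructed sample messages. The base64 payloads are "UExBQ0VIT0xERVI="
# (the ASCII word PLACEHOLDER), not real CMS/PKCS#7 structures.
ENVELOPED_MSG = """\
From: sender@example.com
To: recipient@example.com
Subject: Secure Message
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"

UExBQ0VIT0xERVI=
"""

SIGNED_MSG = """\
From: sender@example.com
To: recipient@example.com
Subject: Secure Message
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

This is a test.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""

PLAIN_MSG = """\
From: sender@example.com
To: recipient@example.com
Subject: Secure Message
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

This is a test.
"""

# Both the registered and the legacy "x-" media types are seen in the wild.
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def smime_layer(msg: Message) -> str:
    """Return the outermost S/MIME layer of a parsed message.

    'enveloped'       : application/pkcs7-mime; smime-type=enveloped-data
    'signed-opaque'   : application/pkcs7-mime; smime-type=signed-data
    'signed-detached' : multipart/signed with a pkcs7-signature part
    'plain'           : no S/MIME wrapping at the top level
    """
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        smime_type = (msg.get_param("smime-type") or "").lower()
        names = {"enveloped-data": "enveloped", "signed-data": "signed-opaque"}
        return names.get(smime_type, "pkcs7-other")
    if ctype == "multipart/signed":
        proto = (msg.get_param("protocol") or "").lower()
        return "signed-detached" if proto in PKCS7_SIG else "signed-other"
    return "plain"


def body_text_exposed(msg: Message, phrase: str) -> bool:
    """True if `phrase` is readable in any text/* part of the message.

    An enveloped message has no text/* part at all: the body is opaque
    ciphertext inside the pkcs7-mime part, so this returns False.
    """
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            if phrase.encode() in payload:
                return True
    return False


def audit_outgoing(raw: str, phrase: str) -> dict:
    """Summarise what a relay could learn from the message as rendered."""
    msg = message_from_string(raw)
    layer = smime_layer(msg)
    exposed = body_text_exposed(msg, phrase)
    return {
        "layer": layer,
        "body_exposed": exposed,
        # S/MIME wraps the MIME body, not the RFC 5322 header block, so the
        # Subject stays readable no matter which layer is outermost.
        "subject_exposed": msg["Subject"] is not None,
        "ok_to_send": layer == "enveloped" and not exposed,
    }


if __name__ == "__main__":
    for name, raw in (("enveloped", ENVELOPED_MSG),
                      ("signed", SIGNED_MSG),
                      ("plain", PLAIN_MSG)):
        print(name, audit_outgoing(raw, "This is a test."))
```

In practice you would feed `audit_outgoing` the string returned by Chilkat's Email.GetMime() (or the message captured from a test mailbox) and refuse to send when "ok_to_send" is false; the "subject_exposed" field is a reminder to keep sensitive content out of the Subject line, which encryption does not cover.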

4. Summary of Code Logic (Pseudo-code)

Regardless of the language, the logic looks like this:

// 1. Load Sender Cert (Must have Private Key)
certSender = new Cert()
success = certSender.LoadPfxFile("my_ID.pfx", "password")
if (!success) { print(certSender.LastErrorText); abort }
// A PFX can load without a private key; signing needs one.
if (!certSender.HasPrivateKey()) { abort }

// 2. Load Recipient Cert (Public Key Only)
certRecipient = new Cert()
success = certRecipient.LoadFromFile("recipient_public.cer")
if (!success) { print(certRecipient.LastErrorText); abort }

// 3. Create Email
email = new Email()
email.Subject = "Secure Message"
email.Body = "This is a test."
email.From = "Sender Name <sender@example.com>"
email.AddTo("Recipient Name", "recipient@example.com")

// 4. Configure Security
// SIGNING (uses the sender's private key)
success = email.SetSigningCert(certSender)
if (!success) { print(email.LastErrorText); abort }
email.SendSigned = True

// ENCRYPTION (uses the recipient's public key)
success = email.SetEncryptCert(certRecipient)
if (!success) { print(email.LastErrorText); abort }
email.SendEncrypted = True

// 5. Send (signing and encryption are applied here, when the MIME is rendered)
mailman = new MailMan()
mailman.SmtpHost = "smtp.example.com"
success = mailman.SendEmail(email)
if (!success) { print(mailman.LastErrorText) }