EWS - digitally signed email (smime.p7m)

Question

I'm trying to read content of digitally signed email using EWS. Unfortunately, when I use an approach with EnvelopeCMS I get an exception:

System.Security.Cryptography.CryptographicException: ASN1 - bad tag value met.

in System.Security.Cryptography.Pkcs.EnvelopedCms.OpenToDecode(Byte[] encodedMessage)
in System.Security.Cryptography.Pkcs.EnvelopedCms.Decode(Byte[] encodedMessage) in myExchange.Email.DecryptToFile(Byte[] data)

(encodedMessage is smime.p7m attachment of an e-mail).

EDIT: this is a key code fragment:

foreach (Attachment attachment in emailMessage.Attachments)
{
    if (attachment is FileAttachment)
    {
         FileAttachment fileAttachment = attachment as FileAttachment;

         if (fileAttachment.Name == "smime.p7m")                        
         {
              byte[] content = fileAttachment.Content;

              MemoryStream stream = new MemoryStream();
              fileAttachment.Load(stream);
              StreamReader stReader = new StreamReader(stream);
              stream.Seek(0, SeekOrigin.Begin);
              content = stream.GetBuffer();

              var encrypted = new System.Security.Cryptography.Pkcs.EnvelopedCms();
              encrypted.Decode(content); // <==== Here occurs exception

              encrypted.Decrypt();
              byte[] unencryptedButRawMimeEntity = encrypted.ContentInfo.Content;
         }
    }
}

More about an e-mail - EWS output console says, that it has one attachment of "mutipart/signed" content-type

<m:ResponseCode>NoError</m:ResponseCode>
            <m:Attachments>
              <t:FileAttachment>
                <t:AttachmentId Id="AAMkADNi(... CUT ...)T5PWd/bDM=" />
                <t:Name>smime.p7m</t:Name>
                <t:ContentType>multipart/signed</t:ContentType>

Welcome to Stack Overflow! You will likely get more and better help if you post your code as well. When posting code, make sure it's a [minimal, complete and verifiable example](http://stackoverflow.com/help/mcve). — Lex Scarisbrick, Feb 21 '17 at 23:42
Try just fileAttachment.Load(); and then fileAttachment.Content will be the attactment. then try your decrypt stuff... maybe show what it means to be signed. also you are now working with the attachment and not the email not sure if both are signed and/or what that means. — Seabizkit, Feb 22 '17 at 08:28
@Rafal-Zak I have run in to the same problem. Did you find a solution for this? — Peter, Nov 21 '18 at 08:29

score 0 · Answer 1 · answered Feb 22 '17 at 09:11

0

not tested so please let me know I would imagine something like this...

foreach (Attachment attachment in emailMessage.Attachments)
{
    FileAttachment fileAttachment = attachment as FileAttachment
    if (attachment != null)
    {        
         fileAttachment.Load();
         if (fileAttachment.Name == "smime.p7m")                        
         {
              byte[] content = fileAttachment.Content;

              var encrypted = new EnvelopedCms();
              encrypted.Decode(content);
              encrypted.Decrypt();
              byte[] unencryptedButRawMimeEntity = encrypted.ContentInfo.Content;
         }
    }
}

answered Feb 22 '17 at 09:11

Seabizkit

2,417
2
15
32

This simplifies code, but result is the same - exception "ASN1 - bad tag value met" on encrypted.Decode() operation. I work on attachments, because I aim to get/check attachments from such email. It is marked as "signed" in Outlook and has one PDF attachment in it. For other emails code works ok, but the signed one looks like they have one "smime.p7m" attachment inside. – Rafal Zak Feb 22 '17 at 09:52
more about e-mail: EWS console output says, that it has one FileAttachment of Content-Type="multipart/signed" – Rafal Zak Feb 22 '17 at 10:01
i dont know, but following this http://stackoverflow.com/questions/21629206/ews-retrieving-attachments-from-signed-emails, which im sure you have looked at... is he suggesting that you need to decode the original mail which contains the attachment rather than the attachment itself. Sozs found it hard to follow maybe it makes more sense to you. – Seabizkit Feb 23 '17 at 09:42

EWS - digitally signed email (smime.p7m)

1 Answers1