Using Outlook Object Model to check if a message is digitally signed

  • Thread starter Thread starter =?iso-8859-1?B?Sm/jbyBNYWlh?=
  • Start date Start date
?

=?iso-8859-1?B?Sm/jbyBNYWlh?=

Hello there,

Does anyone know if there is a way, in the Outlook object model, to
check whether a Message (a msg file) is digitally signed ?

I know that messages that are digitally signed have an attachment
called "smime.p7m", and I could just check the message for such an
attachment, but I wanted something more. If the message is signed, I
wanted to get some information from the certificate that was used to
sign it (such as the name of the user it was issued to, the issuer
Certificate Authority, the date of expiry, etc).

Please let me know if you know of anyway to do this from .NET 1.1
code.

Thanks in advance.

Cheers from Portugal,

Joao Maia
 
Checking for that attachment is certainly a viable strategy. IIRC, the MessageClass value will also be something other than IPM.Note.

The Outlook object model exposes no information about certificates, though.
 
I don't think you'd be able to do that - Outlook goes to great lengths to
make encrypted/signed messages appear as regular MailItem objects.

Dmitry Streblechenko (MVP)
http://www.dimastr.com/
OutlookSpy - Outlook, CDO
and MAPI Developer Tool
 
Dmitry Streblechenko said:
I don't think you'd be able to do that - Outlook goes to great lengths to
make encrypted/signed messages appear as regular MailItem objects.

Not that great, signed messages in Outlook have a visible attachment, which
is unfortunate as it makes signed email unusable to me (clients complain
that they can't distinguish emails from me that have explicit attachments,
from the rest, when all of my emails have the paperclip icon, by virtue of
being signed.)

The disturbing thing is, OE does it right, signed emails do not appear to
have a spurious attachment. Perhaps even more disturbing, I have to assume
that spurious attachment in Outlook is by design, as it has persisted across
at least 4 versions of Outlook. Could they be unaware that this usability
flaw is putting users off of signed email?

Anyway, whether the attachment is accessible I couldn't say, but if it is,
try using CAPICOM to extract details from the attached cert. (CAPICOM is a
crypto API COM object, freely available on MSDN.)


-Mark
 
I mean "goes to great lengths" in the Object Model. In the UI you can of
course see that this is not a regular message.

Dmitry Streblechenko (MVP)
http://www.dimastr.com/
OutlookSpy - Outlook, CDO
and MAPI Developer Tool
 
Back
Top