Creating a Mail client is straightforward. Set the Security property to the type of security/authentication desired, connect to your Mail server, and handle all certificate-related issues in the CertificateReceived or CertificateRequested events.
S/MIME Message Signing
An outgoing message is signed with the sender's private key. The MessageStream uses a certificate (either provided by the caller or found in the system certificate store) to obtain the private key used in the message signing process. A mail agent that receives the signed message must have access to the sender's public key to verify the message signature.
A signed message may be constructed in one of two ways: the Detached signature method or the standard signing method. The Detached signature method constructs the message and signature in such a way that receiving agents can still view the message even if they are not S/MIME aware. A Detached signature message is a two-part MIME message. The first part contains the message in clear text, while the second part contains the message signature as a base64 encoded attachment. A standard signed message consists of a single-part MIME message; the part is a base64 encoded attachment consisting of the ASN.1 encoded message as well as the encoded message signature. This base64 encoding is what makes the message unreadable as clear text, and is why a detached signature message may have some advantages over a standard signed message.
S/MIME Message Encryption
An outgoing message is encrypted with the recipient's public key. The MessageStream uses a certificate's public key (either provided by the caller or found in the system certificate store) to perform the message encryption. Only someone with the recipient's private key can decrypt the message. Much like a standard signed message, an encrypted message is made up of a single-part MIME attachment. The attachment is a base64 encoded part that contains the ASN.1 encoded form of the message contents.
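The three message layouts described in the signing and encryption sections above can be told apart from their MIME headers alone. The following is an added example, not code from the product: it uses Python's standard email package rather than MessageStream, the media types are the standard S/MIME ones (not named on this page), and the sample messages are constructed with placeholder base64 bodies.

```python
from email import message_from_string

# Constructed samples; "AAAA" stands in for real base64 encoded data.
DETACHED = """\
From: alice@example.com
To: bob@example.com
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"

--b1
Content-Type: text/plain

Hello Bob
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""
OPAQUE = """\
From: alice@example.com
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64

AAAA
"""
ENCRYPTED = OPAQUE.replace("signed-data", "enveloped-data")

SIG_TYPES = ("application/pkcs7-signature", "application/x-pkcs7-signature")
P7M_TYPES = ("application/pkcs7-mime", "application/x-pkcs7-mime")

def classify(raw):
    """Return (kind, clear_text); clear_text is None unless the body is readable as-is."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        parts = msg.get_payload()
        # Detached form: exactly two parts, clear content first, signature second.
        if not (isinstance(parts, list) and len(parts) == 2):
            return ("malformed", None)
        if parts[1].get_content_type() not in SIG_TYPES:
            return ("malformed", None)
        body = parts[0]
        text = body.get_payload() if body.get_content_maintype() == "text" else None
        return ("detached-signed", text)
    if ctype in P7M_TYPES:
        # Single base64 part: the smime-type parameter says signed or encrypted.
        smime_type = (msg.get_param("smime-type") or "").lower()
        kinds = {"signed-data": "opaque-signed", "enveloped-data": "encrypted"}
        return (kinds.get(smime_type, "pkcs7-unknown"), None)
    return ("not-smime", None)
```

Only the detached form yields readable text without decoding, and that text is unverified until the signature part has been checked against the sender's certificate.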
S/MIME Certificates
Not every certificate can be used for S/MIME message encoding/decoding. The certificate must have an email address in the certificate's subject field. The MessageStream object (as well as receiving mail agents) uses the email address contained in the From message header field to match up a certificate to be used when signing/verifying a message. Likewise, the email addresses contained in the To message header field are used to locate a certificate to be used in S/MIME message encryption/decryption.