Encrypting and signing Mail in .Net part 1/5
The following couple of blog posts will be about encrypting mails with attachments.
Today we start with creating certificates for signing the mails and encrypting them.
For this to make sense we need two certificates, one for signing and one for each receiver of the mail; in this example there will be only one receiver. I will be using Windows 7, so all screenshots shown will be from Windows 7.
First we create two certificates; we do this by opening the Visual Studio command prompt.
The first certificate we create will be the signing certificate, using this line:
makecert -n "CN=SigningCert" -ss My -sr CurrentUser -pe -r
This will create a self-signed certificate (-r) in the current user's Personal store (-ss My -sr CurrentUser) whose private key can be exported (-pe).
Next we will create the certificate for encrypting and decrypting the mail content.
makecert -n "CN=Encrypting" -ss My -sr CurrentUser -pe -r
NOTE: CERTIFICATES ARE ONLY VALID FOR TEST
Note: I've tried installing the certificates on the local machine but every time it fails with a write error, and yes, I have logged in as administrator.
So now we need to set up the certificates for the local machine. Open mmc.exe.
Now we add two snap-ins, one for the current user and one for the local machine; both should be the Certificates snap-in.
Do this via File -> Add/Remove Snap-in.
When you are done with this step you should have one snap-in for the current user and one for the local machine, see image below.
Next we will export the two certificates. The procedure is the same for both certificates, so I will only do it for the signing certificate. Open the current user's Personal certificates, find SigningCert, right-click it and choose Copy. Next go to Local Computer -> Personal -> Certificates and choose Paste. Voilà, you should now be able to see the certificate in your IIS Manager.
HERE starts one of the most important steps: I've had an error when trying to sign mails with a cert where the .NET user doesn't have access to the private key.
Right-click the certificate, choose All Tasks -> Manage Private Keys and give your .NET user full access, or Everyone for TEST ONLY.
The more correct way to do this step is, in the current user store, to right-click your cert, choose All Tasks -> Export and choose to export the private key. This should work.
If this step is missing you will get the following error: KEYSET DOES NOT EXIST OR CANNOT FIND PRIVATE KEY
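The private key permission step above can also be checked and applied from an elevated Windows PowerShell prompt. This is an added example, not part of the original post: it grants Read only to one named account instead of full access or Everyone. The account name is an assumption, and the script assumes the key is a CSP key (the makecert default) stored in the machine key store.

```powershell
# Added example; run in an elevated Windows PowerShell session.
$subject = 'CN=SigningCert'               # certificate created with makecert above
$account = 'IIS AppPool\DefaultAppPool'   # assumption: replace with your .NET user

# Look the certificate up in Local Computer -> Personal.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with subject $subject in LocalMachine\My" }

# A certificate that arrived without its key cannot sign or decrypt at all.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key in this store"
}

# Machine-level CSP keys are files under MachineKeys, named after the
# unique key container. The ACL on that file decides who may use the key.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile   = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path $keyFile)) { throw "Key file not found: $keyFile" }

# Show who can currently use the key (look for Everyone or FullControl here).
$acl = Get-Acl -Path $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType

# Read is enough to sign and decrypt with the key; FullControl would also
# let the account change the ACL or delete the key file.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# Confirm the new entry for the account.
(Get-Acl -Path $keyFile).Access |
    Where-Object { $_.IdentityReference -eq $account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

An account that is missing from this ACL is the case that produces the KEYSET DOES NOT EXIST error when the .NET code tries to use the certificate.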