Chilkat 16-April-2022

Problem Report: Sending Signed Email with an Attachment

A user reported a problem where sending digitally signed email works fine for emails with no attachments, but verification on the receiving end failed for emails with attachments.  Chilkat tried the same, but (of course) everything worked for us.

(The problem turned out to be a user-error, i.e. not a problem in Chilkat.  Regardless, we think the user-error would’ve been avoided w/ opaque signing.  See below.)

Signed emails can be sent in two ways: (1) Content-Type: multipart/signed where the signature is attached and thus the content of the MIME source of the original email is still visible, or (2) Content-Type: application/x-pkcs7-mime , where the original content is contained within the base64 signature.  This is sometimes called an “opaque” signature.

It’s possible that something along the mail delivery route modified the MIME of the email having the attachment, and thus breaks the signature.  Sending an opaque signed email would prevent anything such thing from happening.

To send an opaque signed email, set the MailMan.OpaqueSigning property = true (or the value 1, True, _T_, etc depending on your programming language).   The default value for MailMan.OpaqueSigning is False.  This default value will be changed to True starting in Chilkat v9.5.0.91.   (It will be in the release notes.  Normally Chilkat does not change default values, but this is a situation where it is appropriate.)

SafeNet IDPrime 940

Improved Chilkat’s Cert.LoadFromSmartcard function to load the SafeNet IDPrime 940 smart card without causing the PIN dialog to show (on Windows), assuming the Cert.SmartCardPin property is set.

PKCS11 Find Certificate with Intended Key Usage

Added the ability to get the 1st cert having a specified intended key usage, such as non-repudiation.   See:  https://www.example-code.com/csharp/pkcs11_find_cert_key_usage.asp