Reputation: 11
Digitalsignature verification failed using Mimekit
We are trying to use MimeKit to validate the digitally signed emails(.p7m) signature. When I call signature.Verify(); it is throwing the error message:
{"Failed to verify digital signature: non-empty set required\r\nParameter name: value"}.
But the same mail was verified successfully by Limilabs.Mail.
I am using the below code to verify the signature.
if (message.Body is MultipartSigned)
{
var signed = (MultipartSigned)message.Body;
foreach (var signature in signed.Verify())
{
try
{
bool valid = signature.Verify();
// If valid is true, then it signifies that the signed content
// has not been modified since this particular signer signed the
// content.
// However, if it is false, then it indicates that the signed
// content has been modified.
}
catch (DigitalSignatureVerifyException)
{
// There was an error verifying the signature.
}
}
}
Can anyone can help me on this why I am getting the error?
Upvotes: 0
Views: 1013
Answers (1)
Reputation: 38643
The problem here is that MimeKit, by default, uses the DefaultSecureMimeContext backend for S/MIME when the developer hasn't explicitly provided a context for use in the MultipartSigned.Verify() method invocation and also hasn't registered an alternative S/MIME context using CryptographyContext.Register().
Since the DefaultSecureMimeContext starts off with an empty database of S/MIME certificates, it has no trusted anchors (aka Root Certificate Authority certificates) and thus throws the exception you are seeing when it goes to build a certificate chain for the S/MIME signer when verifying the signature.
You can fix this either by importing some Root Certificate Authority certificates (preferably including the one needed in order to build the certificate chain for said signer) -or- by using the WindowsSecureMimeContext:
if (message.Body is MultipartSigned)
{
var signed = (MultipartSigned)message.Body;
using (var ctx = new WindowsSecureMimeContext ()) {
foreach (var signature in signed.Verify(ctx))
{
try
{
bool valid = signature.Verify();
// If valid is true, then it signifies that the signed content
// has not been modified since this particular signer signed the
// content.
// However, if it is false, then it indicates that the signed
// content has been modified.
}
catch (DigitalSignatureVerifyException)
{
// There was an error verifying the signature.
}
}
}
}
Upvotes: 4
Related Questions
- Signing S/MIME with Mimekit (Certicate from store)
- Sign and Encrypt plain text file with digital certificate using MIMEKIT
- Sending email via C# Mailkit / Mimekit but server certificate error comes in
- Unable to decrypt p7m using MimeKit
- MimeKit encrypt Message with AES
- Mimekit installing certificates upon verify
- DKIM signing fails with body hash did not verify for Mimekit 1.10.1.0 , Mailkit 1.10.2.0
- How to check if a MIME message is encrypted or signed using Mimekit?
- Mimekit causing bad data when decrypting an email
- verify digital signed email with attachment "the hash value is not correct"