I've run into an issue using the Verify API: https://www.chilkatsoft.com/refdoc/delphiMimeRef.html
My trading partner is not including a public key as part of the signature. According to the Verify documentation:
A PKCS7 signature usually embeds both the signing certificate with its public key. Therefore, it is usually possible to verify a signature without the need to already have the certificate installed. If the signature does not embed the certificate, the Verify method will automatically locate and use the certificate if it was correctly pre-installed on the computer.
Where on the computer is "correctly pre-installed"? I've tried loading the public key of the signing cert, the intermediate CA, and the root all into Local Computer > Trusted Root, as well as Intermediate Certification Authorities, and Third-Party Root Certification Authorities. We still mark the incoming message as untrusted. Which store do those certificates need to be installed in?