Archived Forum Post



S/MIME v3 versus v2

Nov 13 '12 at 12:10


S/MIME v2 needs a certificate with the whole email address (like the S/MIME v3 accepts a domain cert, that means, the cert includes only the email address like but the cert is valid for all email addresses for

Do the Chilkat functions FindCertForEmail and SendEncrypted accept/find these domain certificates and distinguish between S/MIME v2 and v3?


If an email is to be sent encrypted by only setting the "SendEncrypted" property = true, then the Chilkat internals will search for a certificate that contains the exact email address of the recipient. On all operating systems, the cert will be searched in all PFX's indicated by calls to AddPfxSourceFile and/or AddPfxSourceData. On Windows systems, the registry-based certificate stores are also searched.

However, it is possible to use a certificate for encryption that does not exactly match the email address of the recipient. To do this, you would call the emailObject.SetEncryptCert method, passing the desired certificate object.

The problem then becomes a matter of locating the desired certificate. The FindCertForEmail(searchStr) method searches for a matching cert such that the cert's "E" part of the Subject matches the searchStr, or the "Alternative RFC822 Name" found in a particular extension matches the searchStr. The searchStr is typically a whole email address, but it need not be. It can be any string that would match these fields within the certificate.
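The two certificate fields named in the answer above, read with Python's `cryptography` package; this is an added example, not part of the original post and not Chilkat code. The helper names, the throwaway certificates and the case-insensitive substring rule are assumptions made for illustration, since the post does not specify the exact matching rule.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def make_cert(cn, subject_email=None, san_emails=()):
    """Build a throwaway self-signed cert (constructed sample data)."""
    key = ec.generate_private_key(ec.SECP256R1())
    attrs = [x509.NameAttribute(NameOID.COMMON_NAME, cn)]
    if subject_email:
        attrs.append(x509.NameAttribute(NameOID.EMAIL_ADDRESS, subject_email))
    name = x509.Name(attrs)
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (x509.CertificateBuilder()
               .subject_name(name).issuer_name(name)
               .public_key(key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(now)
               .not_valid_after(now + datetime.timedelta(days=1)))
    if san_emails:
        san = x509.SubjectAlternativeName([x509.RFC822Name(e) for e in san_emails])
        builder = builder.add_extension(san, critical=False)
    return builder.sign(key, hashes.SHA256())


def cert_email_fields(cert):
    """Return the Subject "E" values plus the rfc822Name SAN entries."""
    found = [a.value for a in cert.subject.get_attributes_for_oid(NameOID.EMAIL_ADDRESS)]
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        found += san.value.get_values_for_type(x509.RFC822Name)
    except x509.ExtensionNotFound:
        pass  # cert carries no SAN extension; only the Subject "E" applies
    return found


def find_cert_for_email(certs, search_str):
    """First cert with an email field containing search_str (assumed rule)."""
    needle = search_str.lower()
    for cert in certs:
        if any(needle in field.lower() for field in cert_email_fields(cert)):
            return cert
    return None


# Constructed samples: one cert with the address in Subject "E", one in the SAN.
CERTS = [make_cert("Alice", subject_email="alice@example.com"),
         make_cert("Gateway", san_emails=["gateway@example.org"])]
```

Listing `cert_email_fields` for every certificate in a store shows which strings a search could match before any cert is chosen for encryption.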



Thanks for your answer. Your description is OK and works.

But the emailObject.SetEncryptCert method encrypts the email with the selected cert for all receivers, also for CC and BCC receivers.

Normally, only the TO receiver has the cert with the private key. The other receivers cannot decrypt the email.

The email.SendEncrypted function uses more than one certificate in the case that the email has more than one receiver (uses certificates for each of the CC and BCC receivers).