Opening encrypted emails with c#

Question

I'm working in Visual Studio 2012 to build a relatively simple add-in for Outlook 2010. Machines are Win 7 Enterprise 32 and 64. The purpose of the add-in is to decrypt email messages directly in the user's inbox so that they can be easily searched in .pst archives or saved to network folders as .msg files unencrypted. The emails are encrypted using the x.509 PKI with the private keys stored on a smart card which prompts the user for a PIN each time an encrypted email is opened. This is what I have so far:

private void buttonDecrypt_Click(object sender, RibbonControlEventArgs e)    {
  currentExplorer = Globals.ThisAddIn.Application.ActiveExplorer();
  if (currentExplorer.Selection.Count > 0)      {
    for (int i = 0; i < currentExplorer.Selection.Count; i++)        {
      Object selObject = currentExplorer.Selection[i+1];
      if (selObject is Microsoft.Office.Interop.Outlook.MailItem)          {
        Microsoft.Office.Interop.Outlook.MailItem mailItem = 
          (selObject as Microsoft.Office.Interop.Outlook.MailItem);      
        mailItem.PropertyAccessor.SetProperty("http://schemas.microsoft.com/mapi/proptag/0x6E010003", 0);
        mailItem.Save();
      }                    
    }                
  }
}

If I manually open an encrypted email in Outlook, I get prompted for my PIN which allows the email to open fine. Then if I close the email and hit my new button on the ribbon it does exactly what I want by re-saving the email unencrypted directly in my inbox. However, if I select more than one email at once, or don't open the message manually first, my code errors on mailItem.PropertyAccessor.Setproperty() with message COMException was unhandled by user code: Your Digital ID name cannot be found by the underlying security system. This tells me I need a way to prompt the user for their PIN prior to attempting to open the email.

Answer 1

I don't think there is much you can do using the Outlook Object Model alone. OOM tries very hard to represent signed or encrypted messages as regular IPM.Note items. It goes as far as exposing a fake IMessage MAPI object from the MailItem.MAPIOBJECT property.

When you set the PR_SECURITY_FLAGS property, Outlook knows to decrypt the message. There is no way to specify how the decryption will be done or provide any parameters. That property is nothing but a hack to encrypt / decrypt Outlook messages; it only works when the property is set using MailItem.PropertyAccessor.SetProperty.

Ultimately what you need is the data from the P7M attachment stored by the encrypted/signed message. You can see this in OutlookSpy (I am its author): if you click the IMessage button on the OutlookSpy toolbar (it uses MailItem.MAPIOBJECT), you will see the regular decrypted message. But if you click the IMAPISecureMesage in the IMessage window or open the message from the IMAPIFolder | GetContentsTable tab, you will see the raw encrypted message and its P7M attachment.

To extract that attachment, you will need either Extended MAPI (C++ or Delphi only) or a wrapper like Redemption (I am also its author - use RDOSession.GetMessageFromID). Redemption also exposes the RDOEncryptedMessage object that can be used for decryption .