How to use Collaboration Data Objects to see if a message is signed and/or encrypted (194623)



The information in this article applies to:

  • Collaboration Data Objects (CDO) 1.2
  • Collaboration Data Objects (CDO) 1.21

This article was previously published under Q194623

SUMMARY

The Signed and Encrypted properties of the Message object will not accurately reflect the security status of a message unless the e-mail client has set the PR_SECURITY property. This article describes how to determine if a received message is signed and/or encrypted.

MORE INFORMATION

The Signed and Encrypted properties on a Collaboration Data Objects (1.2, 1.21) Message object correspond to the SECURITY_SIGNED and SECURITY_ENCRYPTED flags of the MAPI property PR_SECURITY. These properties of a message will not be available even if the e-mail client that sent the message set the PR_SECURITY flag of the message before sending it. Consequently, using these properties to programmatically determine if a message has security on it is unreliable.

Testing revealed that Microsoft Outlook 98 and Microsoft Outlook Express do not set the PR_SECURITY property. Therefore the Signed or Encrypted properties of messages sent from these products will always be FALSE regardless of the actual Signed or Encrypted state of the message.

An alternate way to determine the security level of a message is to determine what class the message is. You can access this property by using the Fields collection of a message object as demonstrated in the following line of code:

   objMessage.Fields(CdoPR_MESSAGE_CLASS).Value

The following Visual Basic code demonstrates how to access this property:

   Option Explicit
   'Requires a reference to the Microsoft CDO (1.2 or 1.21) library
   Private Sub Form_Load()

     Dim strServer As String
     Dim strMailbox As String
     Dim strProfileInfo As String
     Dim objSession As MAPI.Session
     Dim objInbox As Folder
     Dim objMessages As Messages
     Dim objMessage As Message

     strServer = "MyExchangeServer"  'Insert name of an Exchange Server.
     strMailbox = "MyMailbox"        'Insert the name of a Mailbox.

     'Create your ProfileInfo string.
     strProfileInfo = strServer & vbLf & strMailbox

     'Create your session and log onto it on the fly.
     Set objSession = New MAPI.Session
     objSession.Logon "", "", False, True, 0, True, strProfileInfo

     'Create your Inbox object and get all the messages in the inbox.
     Set objInbox = objSession.Inbox
     Set objMessages = objInbox.Messages

     'Get the first message in the objMessages collection.
     Set objMessage = objMessages.GetFirst

     If objMessage Is Nothing Then
        MsgBox "No messages to process"
     Else
        'Set up a loop to run through all the messages in the inbox.
        Do
          With objMessage
             'Print the subject.
             Debug.Print .Subject

             'Print the Message Class.
             Debug.Print .Fields(CdoPR_MESSAGE_CLASS).Value
             Debug.Print
          End With    'objMessage

          'Get the next message.
          Set objMessage = objMessages.GetNext
        Loop Until objMessage Is Nothing
     End If

     'Logoff your session and destroy your objects.
     objSession.Logoff

     Set objMessage = Nothing
     Set objMessages = Nothing
     Set objInbox = Nothing
     Set objSession = Nothing
     Unload Me   'Unload the form
   End Sub

Different e-mail clients and security methods create different classes. For example, a message created in Microsoft Outlook 98 using Exchange security will have the following message classes:

  • Unsigned and Unencrypted: IPM.Note
  • Signed and Unencrypted: IPM.NOTE.SECURE.SIGN
  • Unsigned and Encrypted: IPM.NOTE.SECURE
  • Signed and Encrypted: IPM.NOTE.SECURE

On the other hand, if you use Secure/Multipurpose Internet Mail Extensions (S/MIME) from Microsoft Outlook Express to send a signed message, the class will be IPM.Note.SMIME.MultipartSigned.

Therefore, to use the message class of a message to determine if the message is signed and/or encrypted, you must determine what message class your e-mail client uses when sending signed and/or encrypted e-mail. Since it would be impossible to maintain a list of the message classes used by every e-mail client available, the preceding code helps by looping through all the messages in your Inbox folder and displaying the message class of each. This output shows you which classes to test for when checking for signed and/or encrypted e-mail in your application.
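The following added example (not part of the original article) turns the class values listed above into a test and tallies the Inbox by result. The names SecState, StateFromClass and SummarizeInbox are hypothetical, the caller is assumed to pass a session that is already logged on, and any class not listed in this article is reported as unknown rather than treated as unprotected.

```vb
Option Explicit
'Added example (hypothetical names); requires a reference to the CDO 1.2 or 1.21 library.

Public Enum SecState
    ssPlain = 0       'Unsigned and unencrypted
    ssSigned = 1      'Signed, not encrypted
    ssEncrypted = 2   'Encrypted; the class cannot show whether it is also signed
    ssUnknown = 3     'Class not listed in the article; do not assume unprotected
End Enum

'Classify using only the message classes given in this article.
Public Function StateFromClass(ByVal strClass As String) As SecState
    'The article shows mixed case (IPM.Note, IPM.NOTE.SECURE): compare upper-cased.
    Select Case UCase$(Trim$(strClass))
        Case "IPM.NOTE"
            StateFromClass = ssPlain
        Case "IPM.NOTE.SECURE.SIGN", "IPM.NOTE.SMIME.MULTIPARTSIGNED"
            StateFromClass = ssSigned
        Case "IPM.NOTE.SECURE"
            StateFromClass = ssEncrypted
        Case Else
            StateFromClass = ssUnknown
    End Select
End Function

'Count Inbox messages per state and list each unrecognised class once.
Public Sub SummarizeInbox(ByVal objSession As MAPI.Session)
    Dim objMessages As MAPI.Messages, objMessage As MAPI.Message
    Dim lngCount(0 To 3) As Long, colUnknown As New Collection
    Dim strClass As String, varClass As Variant, st As SecState
    Set objMessages = objSession.Inbox.Messages
    Set objMessage = objMessages.GetFirst
    Do Until objMessage Is Nothing
        strClass = objMessage.Fields(CdoPR_MESSAGE_CLASS).Value
        st = StateFromClass(strClass)
        lngCount(st) = lngCount(st) + 1
        If st = ssUnknown Then
            On Error Resume Next          'Key already present: class seen before
            colUnknown.Add strClass, strClass
            On Error GoTo 0
        End If
        Set objMessage = objMessages.GetNext
    Loop
    Debug.Print "Plain:"; lngCount(ssPlain); " Signed:"; lngCount(ssSigned); _
                " Encrypted:"; lngCount(ssEncrypted); " Unknown:"; lngCount(ssUnknown)
    For Each varClass In colUnknown
        Debug.Print "Unrecognised class: "; varClass
    Next varClass
End Sub
```

The unrecognised classes printed at the end are the ones to investigate and add to the Select Case for the e-mail clients in your environment.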

Note: Creating messages of these classes will not accomplish sending encrypted/signed messages.

The techniques detailed in this article cannot be used in the OnSubmit event of an Exchange Client Extension. Outlook calls OnSubmit for all extensions before it applies any security to the message to ensure that any work done by the extension is also protected. Because of this, the message class will always be IPM.Note regardless of the security settings.

REFERENCES

For additional information, please see the following article in the Microsoft Knowledge Base:

177853 PRB: PR_SECURITY property is ignored by Exchange Server



Microsoft Developer Network Library; search on: "Signed Property (Message Object)"; "Encrypted Property (Message Object)"

Modification Type: Minor
Last Reviewed: 7/15/2005
Keywords:kbcode kbhowto kbMsg KB194623