PowerShell: send S/MIME encrypted mail with attachment

  • Question

  • Hi Guys!

    I've a tricky challenge.

    I'm trying to send PowerShell-generated emails that carry an attachment and are also S/MIME encrypted.

    My current state of work:

    send encrypted emails (without attachment) - success

    send unencrypted emails (with attachment) - success

    send encrypted emails (with attachment) - failed

    Does anyone have a solution for this?

    Thanks in advance!!!

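    cls
    # Look up the recipient in Active Directory and pick an encryption certificate
    # from the entry's userCertificate attribute. On exit, $ChosenCertificate holds
    # the first certificate that carries the Secure Email EKU and is inside its
    # validity period, or $null when none qualifies.
    $RecipientCN = $null
    $RootDSE = $null
    $Certificate = $null
    $UserCertificate = $null
    $ExcelFile = "C:\Temp\123.xlsx"
    $RecipientCN='<cn>'
    # OID of the "Secure Email" enhanced key usage (id-kp-emailProtection).
    # Matching on the OID rather than FriendlyName avoids depending on a display
    # string that can differ with the OS language.
    $SecureEmailOid = '1.3.6.1.5.5.7.3.4'
    $SearchForestForPerson = New-Object DirectoryServices.DirectorySearcher([ADSI]"LDAP://DC=domain,DC=com")
    $SearchForestForPerson.SearchScope = "subtree"
    $SearchForestForPerson.PropertiesToLoad.Add("mail") | Out-Null
    $SearchForestForPerson.PropertiesToLoad.Add("usercertificate") | Out-Null
    # $RecipientCN is placed into the LDAP filter as-is. If it is ever supplied from
    # outside this script, escape \ * ( ) and NUL (RFC 4515) before building the filter.
    $SearchForestForPerson.Filter = ("(&(objectClass=person)(CN=$RecipientCN))")
    $Recipient = $SearchForestForPerson.FindOne()
    # FindOne() returns $null when nothing matches; stop instead of continuing
    # with an empty recipient.
    If ($null -eq $Recipient) {
        throw "No directory entry found for CN '$RecipientCN'."
    }
    $ChosenCertificate = $null
    $Now = Get-Date
    # $null goes on the left: with a collection on the left, -ne filters the
    # collection instead of testing it for null.
    If ($null -ne $Recipient.Properties.usercertificate) {
        ForEach ($UserCertificate in $Recipient.Properties.usercertificate) {
            $ValidForSecureEmail = $false
            $Certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]$UserCertificate
            ForEach ($Extension in $Certificate.Extensions) {
                # Only the enhanced-key-usage extension exposes EnhancedKeyUsages.
                If ($null -ne $Extension.EnhancedKeyUsages) {
                    ForEach ($EnhancedKeyUsage in $Extension.EnhancedKeyUsages) {
                        # The original test used -ine, which accepted every EKU
                        # except Secure Email.
                        If ($EnhancedKeyUsage.Value -eq $SecureEmailOid) {
                            $ValidForSecureEmail = $true
                            break
                        }
                    }
                    If ($ValidForSecureEmail) {
                        break
                    }
                }
            }
            # Accept the certificate only inside its validity period, with a
            # five-minute tolerance on both ends.
            # NOTE(review): chain trust and revocation are not checked here; the
            # certificate is trusted because it is stored on the directory entry.
            # $Certificate.Verify() would add a basic chain check - confirm the
            # chain builds in your environment before enforcing it.
            If ($ValidForSecureEmail) {
                If ($Now -gt $Certificate.NotBefore.AddMinutes(-5) -and $Now -lt $Certificate.NotAfter.AddMinutes(5)) {
                    $ChosenCertificate = $Certificate
                }
            }
            If ($null -ne $ChosenCertificate) {
                break
            }
        }
    }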
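    # Build a multipart/mixed MIME entity (text body + base64 attachment), encrypt
    # the whole entity for the recipient as CMS enveloped-data, and send it as an
    # application/pkcs7-mime view.
    Add-Type -assemblyName "System.Security"
    # Fail closed: the certificate selection above can finish without a match, and
    # the message must never go out when there is nothing to encrypt it with.
    If ($null -eq $ChosenCertificate) {
        throw "No valid Secure Email certificate found for the recipient; message not sent."
    }
    If ($null -eq $Recipient -or $Recipient.Properties.mail.Count -eq 0) {
        throw "Recipient has no mail attribute; message not sent."
    }
    If (-not (Test-Path -LiteralPath $ExcelFile -PathType Leaf)) {
        throw "Attachment not found: $ExcelFile"
    }
    $MailClient = New-Object System.Net.Mail.SmtpClient "<Smtp-Server>"
    $Message = New-Object System.Net.Mail.MailMessage
    try {
        $Message.To.Add($Recipient.properties.mail.item(0))
        $Message.From = "<sender address>"
        # Subject, From and To are message headers. They are not part of the
        # encrypted entity built below and travel in clear text.
        $Message.Subject = "Unencrypted subject of the message"
        $Body = "This is the mail body"

        # The attachment has to be a MIME part inside the entity that gets
        # encrypted. Appending the file path only adds the path text to the body.
        $Boundary = "=_Part_" + [System.Guid]::NewGuid().ToString("N")
        # Assumes an ASCII file name without double quotes - TODO confirm for other files.
        $AttachmentName = [System.IO.Path]::GetFileName($ExcelFile)
        $AttachmentBase64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($ExcelFile), [System.Base64FormattingOptions]::InsertLineBreaks)

        # MIME requires CRLF line ends; AppendLine emits Environment.NewLine,
        # which is CRLF on Windows.
        $MIMEMessage = New-Object System.Text.StringBuilder
        $MIMEMessage.AppendLine("Content-Type: multipart/mixed; boundary=`"${Boundary}`"") | Out-Null
        $MIMEMessage.AppendLine() | Out-Null
        # Part 1: the text body.
        $MIMEMessage.AppendLine("--${Boundary}") | Out-Null
        $MIMEMessage.AppendLine('Content-Type: text/plain; charset="UTF-8"') | Out-Null
        $MIMEMessage.AppendLine('Content-Transfer-Encoding: 7bit') | Out-Null
        $MIMEMessage.AppendLine() | Out-Null
        $MIMEMessage.AppendLine($Body) | Out-Null
        # Part 2: the attachment, base64 encoded in 76-character lines.
        $MIMEMessage.AppendLine("--${Boundary}") | Out-Null
        $MIMEMessage.AppendLine("Content-Type: application/octet-stream; name=`"${AttachmentName}`"") | Out-Null
        $MIMEMessage.AppendLine('Content-Transfer-Encoding: base64') | Out-Null
        $MIMEMessage.AppendLine("Content-Disposition: attachment; filename=`"${AttachmentName}`"") | Out-Null
        $MIMEMessage.AppendLine() | Out-Null
        $MIMEMessage.AppendLine($AttachmentBase64) | Out-Null
        $MIMEMessage.AppendLine("--${Boundary}--") | Out-Null

        # ASCII matches the 7bit/base64 parts above; non-ASCII characters in
        # $Body would be replaced with '?'.
        [Byte[]] $BodyBytes = [System.Text.Encoding]::ASCII.GetBytes($MIMEMessage.ToString())
        $ContentInfo = New-Object System.Security.Cryptography.Pkcs.ContentInfo (,$BodyBytes)
        $CMSRecipient = New-Object System.Security.Cryptography.Pkcs.CmsRecipient $ChosenCertificate
        # NOTE(review): no content-encryption algorithm is passed, so the runtime
        # default applies. On older .NET Framework versions that default is
        # presumably 3DES - confirm, and consider the EnvelopedCms constructor that
        # takes an explicit AlgorithmIdentifier (for example AES-256).
        $EnvelopedCMS = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms $ContentInfo
        $EnvelopedCMS.Encrypt($CMSRecipient)
        [Byte[]] $EncryptedBytes = $EnvelopedCMS.Encode()
        # Same guard again after encryption: do not send an empty or partial message.
        If ($null -eq $EncryptedBytes -or $EncryptedBytes.Length -eq 0) {
            throw "Encryption produced no data; message not sent."
        }
        $MemoryStream = New-Object System.IO.MemoryStream @(,$EncryptedBytes)
        $AlternateView = New-Object System.Net.Mail.AlternateView($MemoryStream, "application/pkcs7-mime; smime-type=enveloped-data;name=smime.p7m")
        $Message.AlternateViews.Add($AlternateView)
        $MailClient.Send($Message)
    }
    finally {
        # Releases the message together with its views and their streams.
        $Message.Dispose()
    }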


    Monday, June 23, 2014 7:02 AM

Answers

All replies