Microsoft KB Archive/312900

= How To Assign an S/MIME Certificate to a MAPI Profile for Use with Outlook =

Article ID: 312900

Article Last Modified on 8/25/2005


APPLIES TO


 * Microsoft Outlook 2000 Standard Edition
 * Microsoft Outlook 2002 Standard Edition
 * Microsoft Messaging Application Programming Interface




This article was previously published under Q312900



SUMMARY
This article demonstrates how to programmatically assign a digital certificate to a MAPI profile to use with Microsoft Outlook for digitally signing and encrypting e-mail. This article addresses the MAPI part of this task, and assumes a working knowledge of the Secure Multipurpose Internet Messaging Extensions (S/MIME).



MORE INFORMATION
To assign a certificate to a MAPI profile, follow these steps:

1. Get the hashes for both your signing certificate and your encryption certificate. These hashes are in binary format, and can be retrieved by using the CertGetCertificateContextProperty function of the Cryptography application programming interface (API):

    // lpbHash receives the hash; cbHash holds the buffer size on input
    // and the number of bytes written on output.
    CertGetCertificateContextProperty(pCert, CERT_HASH_PROP_ID, lpbHash, &cbHash);

2. Generate an ASN.1-encoded S/MIME capabilities binary large object (BLOB) for your certificates. For more information, see the Request for Comments (RFC) for S/MIME.

3. Create a BLOB to hold your security settings. Each setting or property is made up of a TAG/LENGTH/DATA combination as follows:

Here is an example:

    0100 0800 01000000

Translated:

    TAG = 1
    LENGTH = 8 bytes
    DATA = 1

Here are the properties that you must include in your BLOB:

Note that the properties are all stored in one continuous byte stream.

4. Use the IProfAdmin interface to open the MAPI profile.

5. Open the GUID_Dilkie profile section, where the security settings are stored. Define GUID_Dilkie as follows:

    const GUID CDECL GUID_Dilkie =
    { 0x53bc2ec0, 0xd953, 0x11cd, {0x97, 0x52, 0x00, 0xaa, 0x00, 0x4a, 0xe4, 0x0e} };

6. Step 5 gives you an IProfSect interface. On this interface, set the following property:

This property is a multivalued binary property. You must set the first binary value on the property with the BLOB that you created in step 3.

    HRESULT            hRes = S_OK;
    LPPROFSECT         lpProfSect = NULL;
    SPropValue         SecProp;
    LPSPropValue       lpSecProp = &SecProp;
    SBinary            sbCert;
    LPBYTE             lpbCertBlob = NULL;
    ULONG              cbCertBlob = 0;

    #define PR_SECURITY_PROFILES PROP_TAG(PT_MV_BINARY, 0x355)

    // Do the work to generate lpbCertBlob (step 3) and open GUID_Dilkie profile section.

    // Set up property tag structure for PR_SECURITY_PROFILES.
    SecProp.ulPropTag = PR_SECURITY_PROFILES;
    SecProp.Value.MVbin.cValues = 1;
    SecProp.Value.MVbin.lpbin = &sbCert;
    SecProp.Value.MVbin.lpbin[0].cb = cbCertBlob;
    SecProp.Value.MVbin.lpbin[0].lpb = lpbCertBlob;

    // Set properties on the profile section.
    if (FAILED(hRes = lpProfSect->SetProps(1, lpSecProp, NULL)))
    {
        printf("Error setting property on profile.\n");
        goto error;
    }
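The TAG/LENGTH/DATA stream from step 3, as an added example that is not part of the original article: it assumes, as the sample bytes 0100 0800 01000000 imply, little-endian 16-bit TAG and LENGTH fields with LENGTH counting the four header bytes. The function names, the second record's tag 0x7FFF and its zeroed 20-byte value are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Append one TAG/LENGTH/DATA record at offset off. Assumed from the article's sample:
   LENGTH covers the 4 header bytes plus DATA. Returns the new offset, or 0 if it won't fit. */
size_t tlv_append(uint8_t *buf, size_t cap, size_t off,
                  uint16_t tag, const void *data, size_t cbData)
{
    size_t total = cbData + 4;
    if (cbData > 0xFFFF - 4 || off > cap || total > cap - off)
        return 0;
    buf[off]     = (uint8_t)(tag & 0xFF);
    buf[off + 1] = (uint8_t)(tag >> 8);
    buf[off + 2] = (uint8_t)(total & 0xFF);
    buf[off + 3] = (uint8_t)(total >> 8);
    if (cbData) memcpy(buf + off + 4, data, cbData);
    return off + total;
}

/* Walk the continuous stream; return the record count, or -1 if any record is malformed. */
int tlv_validate(const uint8_t *buf, size_t cb)
{
    size_t off = 0;
    int count = 0;
    while (off < cb) {
        if (cb - off < 4) return -1;                 /* truncated header */
        size_t len = (size_t)buf[off + 2] | ((size_t)buf[off + 3] << 8);
        if (len < 4 || len > cb - off) return -1;    /* LENGTH too small or past the end */
        off += len;
        count++;
    }
    return count;
}

/* Build a constructed two-record blob; returns its size, or 0 on failure. */
size_t build_sample(uint8_t *out, size_t cap)
{
    const uint8_t one[4] = {1, 0, 0, 0};   /* DATA = 1, as in the article */
    const uint8_t hash[20] = {0};          /* constructed stand-in for a hash */
    size_t off = tlv_append(out, cap, 0, 0x0001, one, sizeof one);
    if (off == 0) return 0;
    return tlv_append(out, cap, off, 0x7FFF, hash, sizeof hash); /* 0x7FFF: constructed tag */
}

int main(void)
{
    uint8_t blob[64];
    return tlv_validate(blob, build_sample(blob, sizeof blob)) == 2 ? 0 : 1;
}
```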

Keywords: kbhowto kbmsg KB312900


© Microsoft Corporation. All rights reserved.