How To Assign an S/MIME Certificate to a MAPI Profile for Use with Outlook

This article has been archived. It is offered "as is" and will no longer be updated.
This article demonstrates how to programmatically assign a digital certificate to a MAPI profile so that Microsoft Outlook can use it to digitally sign and encrypt e-mail. It covers only the MAPI part of this task and assumes a working knowledge of Secure/Multipurpose Internet Mail Extensions (S/MIME).
More information
To assign a certificate to a MAPI profile, follow these steps:
  1. Get the hashes for both your signing certificate and your encryption certificate. These hashes are in binary format, and can be retrieved by using the CertGetCertificateContextProperty function of the Cryptography application programming interface (API):
    // lpbHash receives the hash; cbHash holds the buffer size on input and the hash length on output.
    CertGetCertificateContextProperty(pCert, CERT_HASH_PROP_ID, lpbHash, &cbHash);
  2. Generate an ASN1-encoded S/MIME capabilities binary large object (BLOB) for your certificates. For more information, see the Request for Comments (RFC) for S/MIME.
  3. Create a BLOB to hold your security settings. Each setting or property is made up of a TAG/LENGTH/DATA combination as follows:

    TAG      Indicates the property (see list below).                              2 bytes
    LENGTH   Indicates total length of property, including tag and length bytes.   2 bytes
    DATA     Contains the data.                                                    Variable length

    Here is an example:
    0100 0800 01000000

    Translated:
    TAG = 1
    LENGTH = 8 bytes
    DATA = 1
    Here are the properties that you must include in your BLOB:

    Property                  Numeric Value  Length    Description
    PR_CERT_PROP_VERSION      0x0001         8         Reserved, always 1.
    PR_CERT_MESSAGE_ENCODING  0x0006         8         Type of encoding (S/MIME = 1).
    0x1 = Default certificate for S/MIME.
    0x2 = Default certificate for all formats.
    0x4 = Send certificate with message.
    PR_CERT_DISPLAY_NAME_A    0x000B         Variable  Display name of setting in Outlook user interface (for example, "My S/MIME Settings").
    PR_CERT_KEYEX_SHA1_HASH   0x0022         Variable  Binary hash for encryption certificate. This property can be omitted if you want to allow signing only.
    PR_CERT_SIGN_SHA1_HASH    0x0009         Variable  Binary hash for signing certificate.
    PR_CERT_ASYMETRIC_CAPS    0x0002         Variable  ASN1-encoded S/MIME capabilities BLOB.

    Note that the properties are all stored in one continuous byte stream.
  4. Use the IProfAdmin interface to open the MAPI profile.
  5. Open the GUID_Dilkie profile section, where the security settings are stored. Define GUID_Dilkie as follows:
    const GUID CDECL GUID_Dilkie = {  0x53bc2ec0, 0xd953, 0x11cd, {0x97, 0x52, 0x00, 0xaa, 0x00, 0x4a, 0xe4, 0x0e}  };					
  6. Step 5 gives you an IProfSect interface. On this interface, set the PR_SECURITY_PROFILES property.
    This property is a multivalued binary property. You must set the first binary value on the property with the BLOB that you created in step 3.
    HRESULT             hRes = S_OK;   // Result of the SetProps call below.
    LPPROFSECT          lpProfSect = NULL;
    SPropValue          SecProp;
    LPSPropValue        lpSecProp = &SecProp;
    SBinary             sbCert;
    LPBYTE              lpbCertBlob = NULL;
    ULONG               cbCertBlob = 0;

    // Do the work to generate lpbCertBlob (step 3) and open GUID_Dilkie profile section.

    // Set up property tag structure for PR_SECURITY_PROFILES.
    SecProp.ulPropTag = PR_SECURITY_PROFILES;
    SecProp.Value.MVbin.cValues = 1;
    SecProp.Value.MVbin.lpbin = &sbCert;
    SecProp.Value.MVbin.lpbin[0].cb = cbCertBlob;
    SecProp.Value.MVbin.lpbin[0].lpb = lpbCertBlob;

    // Set properties on the profile section.
    if (FAILED(hRes = lpProfSect->SetProps(1, lpSecProp, NULL)))
    {
        printf("Error setting property on profile.\n");
        goto error;
    }

    error:
        // Cleanup path: release the profile section if it was opened.
        if (lpProfSect) lpProfSect->Release();
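
The TAG/LENGTH/DATA layout from step 3, shown as an added example that is not part of the original article: it appends records in the little-endian form of the "0100 0800 01000000" sample and walks the finished BLOB to confirm that every LENGTH is consistent before the BLOB is written to the profile. The function names are hypothetical, the hash bytes are constructed placeholders, and storing the display name with its terminating NUL is an assumption; the key-exchange hash and the S/MIME capabilities BLOB would be appended the same way.

```c
#include <stdint.h>
#include <string.h>

/* Tags from the property table above. */
enum { PR_CERT_PROP_VERSION = 0x0001, PR_CERT_MESSAGE_ENCODING = 0x0006,
       PR_CERT_SIGN_SHA1_HASH = 0x0009, PR_CERT_DISPLAY_NAME_A = 0x000B };

/* Append one TAG/LENGTH/DATA record (little-endian, as in "0100 0800").
   LENGTH counts the 4 header bytes. Returns new offset, 0 if it does not fit. */
static size_t put_prop(uint8_t *buf, size_t cap, size_t off,
                       uint16_t tag, const void *data, size_t cb)
{
    size_t total = cb + 4;
    if (total > 0xFFFF || off > cap || total > cap - off) return 0;
    buf[off]     = (uint8_t)(tag & 0xFF);
    buf[off + 1] = (uint8_t)(tag >> 8);
    buf[off + 2] = (uint8_t)(total & 0xFF);
    buf[off + 3] = (uint8_t)(total >> 8);
    memcpy(buf + off + 4, data, cb);
    return off + total;
}

/* Walk a blob before it is written to the profile. Returns the number of
   records, or -1 if a LENGTH is under 4 or runs past the buffer end. */
static int count_props(const uint8_t *buf, size_t len)
{
    int n = 0;
    for (size_t off = 0; off < len; n++) {
        if (len - off < 4) return -1;
        size_t total = (size_t)buf[off + 2] | ((size_t)buf[off + 3] << 8);
        if (total < 4 || total > len - off) return -1;
        off += total;
    }
    return n;
}

/* Build a sample blob from constructed values (not real certificate data). */
static size_t build_sample(uint8_t *buf, size_t cap)
{
    static const uint8_t one[4] = {1, 0, 0, 0};
    static const char name[] = "My S/MIME Settings"; /* NUL kept: assumption */
    uint8_t hash[20];
    memset(hash, 0xAB, sizeof hash);                 /* placeholder SHA-1 */
    size_t off = put_prop(buf, cap, 0, PR_CERT_PROP_VERSION, one, 4);
    if (off) off = put_prop(buf, cap, off, PR_CERT_MESSAGE_ENCODING, one, 4);
    if (off) off = put_prop(buf, cap, off, PR_CERT_DISPLAY_NAME_A, name, sizeof name);
    if (off) off = put_prop(buf, cap, off, PR_CERT_SIGN_SHA1_HASH, hash, sizeof hash);
    return off;
}
```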

Article ID: 312900 - Last Review: 12/07/2015 08:11:20 - Revision: 5.0

Microsoft Outlook 2013, Microsoft Outlook 2010, Microsoft Office Outlook 2007, Microsoft Office Outlook 2003, Microsoft Outlook 2000 Standard Edition, Microsoft Outlook 2002 Standard Edition, Microsoft Messaging Application Programming Interface
