Secure Email using MAPI

I need to encrypt/sign messages using MAPI.  I have used HrSetOneProp to set
the PR_SECURITY_FLAGS on my IMessage interface, but the mail is still sent
unencrypted/unsigned.  I used MFCMapi to look at the properties of the
message, and I see the tag 0x6E010003 listed with a value of 3.

After doing further research, I think this is only viable when using the
Outlook Object Model.  We have tested setting this property on an IMailItem
and Outlook does indeed sign/encrypt the message as expected.

The runtime environment has Outlook 2007 installed, and is running an
extremely locked-down version of Windows Vista (the FDCC build with Army Gold
Master).  The problem with using the OOM is that we have experienced a ton of
issues accessing Outlook programmatically because of other security measures
that are in place in their environment (lots of Outlook add-ins and Exchange
Client Extensions), thus the reason I'd like to avoid having to use Outlook.

Can somebody please help me understand the steps required to sign/encrypt a
MAPI message?  What properties must be set?  Do I have to do the
encrypting/signing myself, or does the MAPI subsystem take care of that?

Thanks in advance,
Greg

I assume you have seenhttp://blogs.msdn.

I assume you have seen
http://blogs.msdn.com/dvespa/archive/2009/03/16/how-to-sign-or-encrypt-a-message-programmatically-from-oom.aspx
AFAIK the message indeed needs to be sent through Outlook.

--
Dmitry Streblechenko (MVP)
http://www.dimastr.com/
OutlookSpy  - Outlook, CDO
and MAPI Developer Tool
-

Thank you so much for your response, Dmitry.

Thank you so much for your response, Dmitry.  Yes, I have referenced that
article for our current implementation, which DOES use the OOM.  In most
installations it works fine.  But for whatever reason, in this particular
installation Outlook is giving us the infamous "extend.dat" error, and upon
Outlook.Application instantiation we receive an E_ABORT.  I have driven
myself absolutely crazy trying to troubleshoot this, and as far as I know
there is no other way to instantiate the Outlook.Application object in "safe
mode", or disabling all extensions/addins, etc.

It is for this reason that ideally, we would really like to get away from
relying on the OOM to send signed/encrypted mail.  It must be possible,
because Outlook itself is able to send these messages signed/encrypted via
MAPI, right?  I am sure it is not a trivial thing to accomplish, though.  :-)

HiI believe that OOM IS the right direction.

Hi

I believe that OOM IS the right direction.

Can you please give the detailed error code that you received from the
machine? What version of Outlook is installed? Can you share the code
snippet that gives the error?