
Unable to load S/MIME encrypted message with MimeKit.LoadAsync


I'm having issues parsing an S/MIME encrypted e-mail message using MimeKit's LoadAsync method. I want to parse it to a MimeMessage object to later decrypt it. The method throws an error, "Failed to parse message headers", upon calling. Please see code below:

using var mimeMemoryStream = new MemoryStream(Encoding.UTF8.GetBytes(emailMime), false);
var message = await MimeMessage.LoadAsync(mimeMemoryStream);

emailMime contains a string representation of my message, as shown below (sensitive information has been removed and the encrypted body has been truncated):

Received: by mx0107p1iad2.sendgrid.net with SMTP id K73DvryGyn Tue, 11 Oct 2022 08:03:25 +0000 (UTC)
Received: from mail-ej1-f46.google.com (unknown [<IP address>]) by mx0107p1iad2.sendgrid.net (Postfix) with ESMTPS id 1100E421485 for <whatever@example.com>; Tue, 11 Oct 2022 08:03:25 +0000 (UTC)
Received: by mail-ej1-f46.google.com with SMTP id d26so22519478eje.10 for <whatever@example.com>; Tue, 11 Oct 2022 01:03:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:mime-version:content-transfer-encoding :content-disposition:from:from:to:cc:subject:date:message-id :reply-to; bh=cDJY/6ek7SRtGZFiIsYCTyL4DLhWgTozU0FyWoZ++0A=; b=FbnltkWgSgPrKtzIGDaJBHrKTrRfUHUssD1hVejeN9Tpvyy/jSBXos/rSNPvcdjPqqFn9CZR5DBvcrOu4lzknx+c9fythtKdaixkPcEVmNOhZOtla8QsMRApPFoF4smO05LYbJHAKyuQ6tVbe9sL+aOwBptkulVGMpxHGqfS72/5ziuuLumW2cY4QMUCc+y+V3QWPAgU/lInQAQen1Nd02eSibLq072lU0AzPs9/WrwCXbt6N9oi67iPJIn8jPX6FI25ZGR4athf1l050/5I4rlNOITixEn3RhEU95iY/GlkmLYXb76cQ3aHVRMH42dzteftfsgZoFG+MBnJuqQ6Dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:mime-version:content-transfer-encoding :content-disposition:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=cDJY/6ek7SRtGZFiIsYCTyL4DLhWgTozU0FyWoZ++0A=; b=Orc41aH7O0a4+vODOe/YQs/0+My5X3lskrKdrvRojWWrvvV2zVwjndaSf8ddQ0v8dF8NcaeHVxWBfu7AI+lcrdRiekteiFi0XI+zZwUo2jkH+HtFj+AnZ4FmSFk8HMwI+qgJ4c8xpHTzj/oBRP1EjOQiTptwGtbSKdHROWHbok4ZcQarUHX2+EbEKcLFoDz0TFQLgtvcBRqMFvhNINz0o9aSXC8J9clAoyErqjrQ3zz73ft0mdReuxQnJdzKqwfXOONOEsOgTPka6XP0Qwjub/CZYnEBSlNU+/SkzuQ6WEJGUqEvvYgP6m9Pc6XXZCazgBU+wOBn+IKCG+s+LkrF9w==
X-Gm-Message-State: ACrzQf1oA5iNjn3X5zVuDxGXFNkB1P7tVN/1qcSYtR4d1CZ24JCgvDb8 yJ80uaUDvLgj35jXqBVkqulvWiounXFJziww
X-Google-Smtp-Source: AMsMyM7L+/WNsoR0o2XmR+n4xnKtMdfXqCckvEfwrjXCTDrKifsLhSRtuGtJN0lgyfxYI93UNV8BxA==
X-Received: by 2002:a17:907:2c68:b0:78d:7981:3f8d with SMTP id ib8-20020a1709072c6800b0078d79813f8dmr16356575ejc.724.1665475403776; Tue, 11 Oct 2022 01:03:23 -0700 (PDT)
Received: from [<IP address>] (<domain>. [<IP address>]) by smtp.gmail.com with ESMTPSA id bx10-20020a0564020b4a00b00456cbd8c65bsm8688491edb.6.2022.10.11.01.03.22 for <whatever@example.com> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Oct 2022 01:03:23 -0700 (PDT)
From: Sender <sender@example.com>
X-Google-Original-From: "Sender" <sender@example.com>
Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data"
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Date: Tue, 11 Oct 2022 10:03:20 +0200
Message-ID: <b6d24167-f517-44dc-b21f-bb219cd25e74@mail.dll>
Subject: Encrypted and signed
To: Bob <whatever@example.com>
MIKJpwYJKoZIhvcNAQcDoIKJmDCCiZQCAQAxggHkMIIB4AIBADCBxzCBrjELMAkGA1UEBhMCUEwxHDAaBgNVBAgME0Jp
[truncated]
Tpzn/UAqUMCVY1C/nzU3T0zEcJDxDIb4eaVGr+n6w1Xc2nQs7SOBfXumZ67Ds9fCVeNvk28=

Reading mimeMemoryStream returns the original message, so encoding seems fine.

I also tried sending this message to myself and was able to open this email in Outlook and decrypt it using my certificate, so I'm not sure if there's anything wrong with the message itself. I also tested my pipeline with an unencrypted message and that works as well.


Solution

  • For anyone coming here in the future with a similar issue - I found a fix.

    There needs to be an extra line between the headers and the encrypted content (so in my example between To: Bob <whatever@example.com> and the encrypted stuff). I guess without it the parser was interpreting the encrypted data as a header declaration, which explains why it was getting confused there.
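
The fix described in the answer, as an added example (not the poster's code and not part of MimeKit): a pre-parse check that finds where the header block ends and inserts the empty separator line if it is missing, before handing the bytes to MimeMessage.LoadAsync. The class RawMimeRepair, the helper EnsureHeaderBodySeparator and the sample message are constructed for illustration; the helper assumes the headers use the "Name: value" form with folded continuation lines starting with a space or tab.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using MimeKit;
using MimeKit.Cryptography;

public static class RawMimeRepair
{
    // Header field name: printable US-ASCII except ':', followed by a colon.
    static readonly Regex HeaderField = new Regex(@"^[\x21-\x39\x3B-\x7E]+:", RegexOptions.Compiled);

    // Hypothetical helper: inserts the empty header/body separator line when the
    // header block runs straight into the body. Output uses CRLF line endings.
    public static string EnsureHeaderBodySeparator(string raw)
    {
        var lines = raw.Replace("\r\n", "\n").Split('\n');
        for (int i = 0; i < lines.Length; i++)
        {
            var line = lines[i];
            if (line.Length == 0) return raw;                    // separator already present
            bool folded = i > 0 && (line[0] == ' ' || line[0] == '\t');
            if (folded || HeaderField.IsMatch(line)) continue;   // still inside the header block
            if (i == 0) return raw;                              // does not start with headers; leave alone
            return string.Join("\r\n", lines.Take(i)) + "\r\n\r\n" + string.Join("\r\n", lines.Skip(i));
        }
        return raw;                                              // headers only, no body
    }

    public static async Task Main()
    {
        // Constructed sample: headers run straight into the base64 body, as in the question.
        var broken = "From: Sender <sender@example.com>\r\n" +
                     "Content-Type: application/pkcs7-mime; name=\"smime.p7m\";\r\n" +
                     " smime-type=\"enveloped-data\"\r\n" +
                     "Content-Transfer-Encoding: base64\r\n" +
                     "To: Bob <whatever@example.com>\r\n" +
                     "AAECAwQFBgcICQ==\r\n";                     // placeholder bytes, not real CMS data
        var repaired = EnsureHeaderBodySeparator(broken);
        using var stream = new MemoryStream(Encoding.ASCII.GetBytes(repaired), false);
        var message = await MimeMessage.LoadAsync(stream);
        Console.WriteLine(message.Body is ApplicationPkcs7Mime p7m
            ? $"Parsed; smime-type = {p7m.SecureMimeType}"
            : $"Parsed; body type = {message.Body?.ContentType.MimeType}");
    }
}
```

A repair like this is a stopgap: the separator is usually lost where the raw message string is assembled or stored, and fixing that step keeps the bytes identical to what the sender produced.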