Sample code for 30+ languages & platforms
Android™

Verify the Digital Signatures on an Email

See more Email Object Examples

Demonstrates the read-only Chilkat Email.SignaturesValid property, which is true when the email was received with one or more digital signatures and all of them validated, indicating the message was not altered. It is only meaningful when ReceivedSigned is true, so this example checks that first.

Background: A valid signature proves integrity — the bytes that were signed are exactly the bytes you received — but that is not the same as trust. A message can carry a perfectly valid signature from a certificate you have no reason to trust (self-signed, expired, or from an unknown issuer). So after confirming SignaturesValid, an application that needs assurance of who signed should separately examine the signer certificate and its chain (see LastSignerCert).

Chilkat Android™ Downloads

Android™
// Important: Don't forget to include the call to System.loadLibrary
// as shown at the bottom of this code sample.
package com.test;

import android.app.Activity;
import com.chilkatsoft.*;

import android.widget.TextView;
import android.os.Bundle;

public class SimpleActivity extends Activity {

  private static final String TAG = "Chilkat";

  // Called when the activity is first created.
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    boolean success = false;

    //  Demonstrates the read-only Email.SignaturesValid property, which is true if the email
    //  was received with one or more digital signatures AND all of them validated (indicating
    //  the email was not altered).  It is only meaningful when ReceivedSigned is true.

    CkEmail email = new CkEmail();

    success = email.LoadEml("qa_data/eml/signed.eml");
    if (success == false) {
        Log.i(TAG, email.lastErrorText());
        return true;
        }

    if (email.get_ReceivedSigned() == true) {
        if (email.get_SignaturesValid() == true) {
            Log.i(TAG, "The signature(s) verified: the email was not altered.");
            }
        else {
            Log.i(TAG, "Signature verification FAILED.");
            }

        }
    else {
        Log.i(TAG, "This email was not received with a digital signature.");
        }

    //  Note: Paths such as "qa_data/..." are relative local filesystem paths,
    //  relative to the current working directory of the running application.

  }

  static {
      System.loadLibrary("chilkat");

      // Note: If the incorrect library name is passed to System.loadLibrary,
      // then you will see the following error message at application startup:
      //"The application <your-application-name> has stopped unexpectedly. Please try again."
  }
}