Decrypting emails received from outside the organization using MIP
I am currently attempting to decrypt protected emails I receive using the MIP SDK.
My current problem is that while I am currently able to decrypt mails that I receive from people within my own organization, I am not able to decrypt encrypted mails sent from email addresses outside my own organization.
I start out by getting a token:

    // Build the MSAL public client for the configured authority.
    _app = PublicClientApplicationBuilder.Create(_appInfo.ApplicationId).WithAuthority(Authority2).WithDefaultRedirectUri().Build();
    string[] scopes = { "User.Read" };
    SecureString secure = new SecureString();
    foreach (char c in "password")
    {
        secure.AppendChar(c);
    }
    // Sign in with username and password to obtain the account.
    IAccount userAccount = _app.AcquireTokenByUsernamePassword(scopes, "username", secure).ExecuteAsync().Result.Account;
    // Silently acquire a token for the rights management service (aadrm.com) for that account.
    var tokenss = _app.AcquireTokenSilent(new[] { "https://aadrm.com/user_impersonation" }, userAccount).ExecuteAsync();
    var realtoken = tokenss.Result.AccessToken;
    return realtoken;

Then I pass it through my file engine with a .msg file to be decrypted:

    // Add a file engine to the profile, then create a file handler for the .msg file.
    var fileEngine = Task.Run(async () => await fileProfile.AddEngineAsync(engineSettings)).Result;
    var handler = Task.Run(async () => await fileEngine.CreateFileHandlerAsync(inputFilePath,
                                                                               actualfilepath,
                                                                               false)).Result;

And this works fine when the email is either sent by me or when the sender of the email is within my own organization.
The exception I get:
The service didn't accept the auth token. Challenge:['Bearer resource="https://aadrm.com"
I suspect something is wrong with public and private keys, but I am in no way an expert in encryption.
Comments (1)
For decrypting emails that were encrypted by users or services not belonging to your tenant, you must be granted rights to do so by them.
When protected within your organization, I expect that the protection template that is used allows your account / any account to decrypt.
When protected from an AIP service outside your organization, it depends on the protection template that was used.
You can check with the administrator of the service that encrypts the emails you receive what kind of privileges were configured in the protection template.