send s/mime encrypted mail with attachment

Hi Guys!

I've a tricky challenge.

I try to send powershell generated emails with an attachment and - on top - s/mime encrypted.

My current state of work:

send encrypted emails (without attachment) - success

send unencrypted emails (with attachment) - success

send encrypted emaisl (with attachment) - failed

Do anyone have a solution of this?

Thanks in advance!!!

regards - Thomminger

cls
$RecipientCN = $null
$RootDSE = $null
$Certificate = $null
$UserCertificate = $null
$ExcelFile = "C:\Temp\123.xlsx"

$RecipientCN='<cn>' 
$SearchForestForPerson = New-Object DirectoryServices.DirectorySearcher([ADSI]"LDAP://DC=domain,DC=com")
$SearchForestForPerson.SearchScope = "subtree" 
$SearchForestForPerson.PropertiesToLoad.Add("mail") | Out-Null 
$SearchForestForPerson.PropertiesToLoad.Add("usercertificate") | Out-Null 
$SearchForestForPerson.Filter = ("(&(objectClass=person)(CN=$RecipientCN))") 
$Recipient = $SearchForestForPerson.FindOne()

$ChosenCertificate = $null 
$Now = Get-Date 
If ($Recipient.Properties.usercertificate -ne $null) { 
    ForEach ($UserCertificate in $Recipient.Properties.usercertificate) { 
        $ValidForSecureEmail = $false 
        $Certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]$UserCertificate 
		$Extensions = $Certificate.Extensions 
        ForEach ($Extension in $Extensions) { 
            If ($Extension.EnhancedKeyUsages -ne $null) { 
                ForEach ($EnhancedKeyUsage in $Extension.EnhancedKeyUsages) { 
                    If ($EnhancedKeyUsage.FriendlyName -ine "Secure Email") { 
                        $ValidForSecureEmail = $true 
                        break 
                    } 
                } 
                If ($ValidForSecureEmail) { 
                    break 
                } 
            } 
        } 
        If ($ValidForSecureEmail) { 
            If ($Now -gt $Certificate.NotBefore.AddMinutes(-5) -and $Now -lt $Certificate.NotAfter.AddMinutes(5)) { 
                $ChosenCertificate = $Certificate 
            } 
        } 
        If ($ChosenCertificate -ne $null) { 
            break 
        } 
    } 
}


Add-Type -assemblyName "System.Security" 
$MailClient = New-Object System.Net.Mail.SmtpClient "<Smtp-Server>"
$Message = New-Object System.Net.Mail.MailMessage

$Message.To.Add($Recipient.properties.mail.item(0)) 
$Message.From = "<sender address>"
$Message.Subject = "Unencrypted subject of the message" 
$Body = "This is the mail body"
$MIMEMessage = New-Object system.Text.StringBuilder 
$MIMEMessage.AppendLine('Content-Type: text/plain; charset="UTF-8"') | Out-Null 
$MIMEMessage.AppendLine('Content-Transfer-Encoding: 7bit') | Out-Null 
$MIMEMessage.AppendLine() | Out-Null 
$MIMEMessage.AppendLine($Body) | Out-Null
$MIMEMessage.Append($ExcelFile) | Out-Null

[Byte[]] $BodyBytes = [System.Text.Encoding]::ASCII.GetBytes($MIMEMessage.ToString())

$ContentInfo = New-Object System.Security.Cryptography.Pkcs.ContentInfo (,$BodyBytes) 
$CMSRecipient = New-Object System.Security.Cryptography.Pkcs.CmsRecipient $ChosenCertificate 
$EnvelopedCMS = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms $ContentInfo 
$EnvelopedCMS.Encrypt($CMSRecipient) 
[Byte[]] $EncryptedBytes = $EnvelopedCMS.Encode() 
$MemoryStream = New-Object System.IO.MemoryStream @(,$EncryptedBytes) 
$AlternateView = New-Object System.Net.Mail.AlternateView($MemoryStream, "application/pkcs7-mime; smime-type=enveloped-data;name=smime.p7m") 
$Message.AlternateViews.Add($AlternateView)

$MailClient.Send($Message)