PackageDigitalSignatureManager.Sign Method (IEnumerable<Uri>, X509Certificate)

 
System_CAPS_noteNote

The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Signs a list of package parts with a given X.509 certificate.

Namespace:   System.IO.Packaging
Assembly:  WindowsBase (in WindowsBase.dll)

public PackageDigitalSignature Sign(
	IEnumerable<Uri> parts,
	X509Certificate certificate
)

Parameters

parts
Type: System.Collections.Generic.IEnumerable<Uri>

The list of uniform resource identifiers (URIs) for the PackagePart elements to sign.

certificate
Type: System.Security.Cryptography.X509Certificates.X509Certificate

The X.509 certificate to use to digitally sign each of the specified parts.

Return Value

Type: System.IO.Packaging.PackageDigitalSignature

The digital signature used to sign the given list of parts; or null if no certificate could be found or the user clicked "Cancel" in the certificate selection dialog box.

The following example shows how to digitally sign a list of parts within a Package. For the complete example, see the Creating a Package with a Digital Signature Sample.

private static void SignAllParts(Package package)
{
    if (package == null)
        throw new ArgumentNullException("SignAllParts(package)");

    // Create the DigitalSignature Manager
    PackageDigitalSignatureManager dsm =
        new PackageDigitalSignatureManager(package);
    dsm.CertificateOption =
        CertificateEmbeddingOption.InSignaturePart;

    // Create a list of all the part URIs in the package to sign
    // (GetParts() also includes PackageRelationship parts).
    System.Collections.Generic.List<Uri> toSign =
        new System.Collections.Generic.List<Uri>();
    foreach (PackagePart packagePart in package.GetParts())
    {
        // Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri);
    }

    // Add the URI for SignatureOrigin PackageRelationship part.
    // The SignatureOrigin relationship is created when Sign() is called.
    // Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

    // Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin);

    // Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    // Sign() will prompt the user to select a Certificate to sign with.
    try
    {
        dsm.Sign(toSign);
    }

    // If there are no certificates or the SmartCard manager is
    // not running, catch the exception and show an error message.
    catch (CryptographicException ex)
    {
        MessageBox.Show(
            "Cannot Sign\n" + ex.Message,
            "No Digital Certificates Available",
            MessageBoxButton.OK,
            MessageBoxImage.Exclamation);
    }

}// end:SignAllParts()

.NET Framework
Available since 3.0
Return to top
Show: