CertificateEmbeddingOption Enumeration


The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Specifies the location where the X.509 certificate that is used in signing is stored.

Namespace:   System.IO.Packaging
Assembly:  WindowsBase (in WindowsBase.dll)

public enum CertificateEmbeddingOption

Member nameDescription

The certificate is embedded in its own PackagePart.


The certificate is embedded in the SignaturePart that is created for the signature being added.


The certificate in not embedded in the package.

If the certificate is NotEmbedded in the package, an application that verifies signatures must provide a copy of the certificate in order to verify the signatures that are signed by it.

InSignaturePart adds two informational elements, <KeyName> and <KeyValue>, as part of the KeyInfofield of the stored digital signature. The <KeyName> and <KeyValue> elements are not processed as part of signature validation and are therefore not secure from modification. Applications should not make any assumption regarding the validity of these two elements. To avoid undetected modification and possible confusion, applications should use the InCertificatePart option instead of InSignaturePart. The InCertificatePart option does not provide or expose either <KeyName> or <KeyValue>.

The following example shows how to use CertificateEmbeddingOption in order to set the PackageDigitalSignatureManager.CertificateOption property. For the complete sample, see Creating a Package with a Digital Signature Sample.

.NET Framework
Available since 3.0
Return to top