This documentation is archived and is not being maintained.

CertificateEmbeddingOption Enumeration

Specifies the location where the X.509 certificate that is used in signing is stored.

Namespace:  System.IO.Packaging
Assembly:  WindowsBase (in WindowsBase.dll)

public enum CertificateEmbeddingOption
<object property="enumerationMemberName" .../>

Member nameDescription
InCertificatePartThe certificate is embedded in its own PackagePart.
InSignaturePartThe certificate is embedded in the SignaturePart that is created for the signature being added.
NotEmbeddedThe certificate in not embedded in the package.

If the certificate is NotEmbedded in the package, an application that verifies signatures must provide a copy of the certificate in order to verify the signatures that are signed by it.

InSignaturePart adds two informational elements, <KeyName> and <KeyValue>, as part of the KeyInfo field of the stored digital signature. The <KeyName> and <KeyValue> elements are not processed as part of signature validation and are therefore not secure from modification. Applications should not make any assumption regarding the validity of these two elements. To avoid undetected modification and possible confusion, applications should use the InCertificatePart option instead of InSignaturePart. The InCertificatePart option does not provide or expose either <KeyName> or <KeyValue>.

The following example shows how to use CertificateEmbeddingOption in order to set the PackageDigitalSignatureManager.CertificateOption property. For the complete sample, see Creating a Package with a Digital Signature Sample.

.NET Framework

Supported in: 4, 3.5, 3.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.