PackageDigitalSignatureManager.Sign Method (IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String, IEnumerable<DataObject>, IEnumerable<Reference>)

Signs a list of package parts, package relationships, or custom objects with a specified X.509 certificate and signature identifier (ID).

Namespace:  System.IO.Packaging
Assembly:  WindowsBase (in WindowsBase.dll)

public PackageDigitalSignature Sign(
	IEnumerable<Uri> parts,
	X509Certificate certificate,
	IEnumerable<PackageRelationshipSelector> relationshipSelectors,
	string signatureId,
	IEnumerable<DataObject> signatureObjects,
	IEnumerable<Reference> objectReferences
)

Parameters

parts
Type: System.Collections.Generic.IEnumerable<Uri>

The list of uniform resource identifiers (URIs) for the PackagePart objects to sign.

certificate
Type: System.Security.Cryptography.X509Certificates.X509Certificate

The X.509 certificate to use to digitally sign each of the specified parts and relationships.

relationshipSelectors
Type: System.Collections.Generic.IEnumerable<PackageRelationshipSelector>

The list of PackageRelationship objects to sign.

signatureId
Type: System.String

An identification string to associate with the signature.

signatureObjects
Type: System.Collections.Generic.IEnumerable<DataObject>

A list of custom data objects to sign.

objectReferences
Type: System.Collections.Generic.IEnumerable<Reference>

A list of references to custom objects to sign.

Return Value

Type: System.IO.Packaging.PackageDigitalSignature
The digital signature used to sign the elements specified in the parts and relationshipSelectors lists.


Exceptions

Neither parts, relationshipSelectors, signatureObjects, nor objectReferences specify any elements to sign.


A ContentType of a part being signed references an empty, null, or undefined TransformMapping.


signatureId is not null and is not a valid XML schema ID (for example, begins with a leading numeric digit).

Remarks

There must be at least one element to sign in parts, relationshipSelectors, signatureObjects, or objectReferences.


The terms Object, Manifest, Reference, SignatureProperties, and Transform in the following two remarks refer to element types and tags defined by the W3C XML-Signature Syntax and Processing specification, see

This and other Sign method overloads use the current TransformMapping dictionary, which defines the Transform to apply based on the package part ContentType. The Microsoft Open Packaging Conventions (OPC) specification currently allows only two valid Transform algorithms: C14 and C14N. The W3C XML-Signature Syntax and Processing standard does not allow empty Manifest tags. Also, the Open Packaging Conventions specification requires a Package-specific Object tag that contains both Manifest and SignatureProperties tags. Each Manifest tag must additionally include at least one Reference tag. These tags require that each signature sign at least one PackagePart (non-empty parts list) or PackageRelationship (non-empty relationshipSelectors list), even if the signature is needed only to sign signatureObjects or objectReferences.

This Sign method ignores the DigestMethod property associated with each Reference defined in objectReferences.

This Sign overload supports generating XML signatures that require custom Object tags. For any provided Object tag to be signed, a corresponding Reference tag must be provided with a uniform resource identifier (URI) that specifies the Object tag in local fragment syntax. For example, if the Object tag has an ID of "myObject", the URI in the Reference tag would be "#myObject". For unsigned objects, no Reference is required.
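The custom Object case described in the remarks above, as an added example (not Microsoft's sample code): it signs the package's content parts and package-level relationships together with one custom Object referenced as "#myObject", then verifies the result. The package path, the certificate (which must carry a private key), the element name ApprovalNote and the signature ID sigApproval1 are assumptions of this example.

```csharp
// Added example. Requires references to WindowsBase.dll and System.Security.dll.
using System;
using System.Collections.Generic;
using System.IO;
using System.IO.Packaging;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class CustomObjectSigning
{
    // packagePath and cert are caller-supplied (assumptions of this example).
    public static VerifyResult SignWithNote(string packagePath, X509Certificate2 cert)
    {
        using (Package package = Package.Open(packagePath, FileMode.Open, FileAccess.ReadWrite))
        {
            var dsm = new PackageDigitalSignatureManager(package);
            dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

            // At least one part or relationship must be signed, even when the
            // signature exists mainly to cover the custom Object.
            var parts = new List<Uri>();
            foreach (PackagePart part in package.GetParts())
                if (!PackUriHelper.IsRelationshipPartUri(part.Uri))
                    parts.Add(part.Uri);

            // Relationships are covered through selectors rather than by
            // signing the .rels parts, so later additions do not break them.
            var selectors = new List<PackageRelationshipSelector>();
            foreach (PackageRelationship rel in package.GetRelationships())
                selectors.Add(new PackageRelationshipSelector(
                    rel.SourceUri, PackageRelationshipSelectorType.Id, rel.Id));

            // Custom Object with Id "myObject" (constructed sample content).
            var doc = new XmlDocument();
            XmlElement note = doc.CreateElement("ApprovalNote");
            note.InnerText = "constructed sample";
            doc.AppendChild(note);
            var obj = new DataObject { Id = "myObject", Data = doc.ChildNodes };

            // Local fragment syntax. Without this Reference the Object is
            // embedded in the signature but is not itself signed.
            var reference = new Reference("#myObject");

            // signatureId must be a valid XML schema ID (no leading digit).
            dsm.Sign(parts, cert, selectors, "sigApproval1",
                     new[] { obj }, new[] { reference });
            return dsm.VerifySignatures(false);
        }
    }
}
```

Any DigestMethod set on the Reference would be ignored by this overload, so the example leaves it unset.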

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1
© 2015 Microsoft