.NET Framework Class Library
CertificateEmbeddingOption Enumeration

Specifies the location where the X.509 certificate that is used in signing is stored.

Namespace:   System.IO.Packaging
Assembly:  WindowsBase (in WindowsBase.dll)
Public Enumeration CertificateEmbeddingOption
public enum CertificateEmbeddingOption
public enum class CertificateEmbeddingOption
type CertificateEmbeddingOption
public enum CertificateEmbeddingOption
<object property="enumerationMemberName" .../>
Member nameDescription
InCertificatePartThe certificate is embedded in its own PackagePart.
InSignaturePartThe certificate is embedded in the SignaturePart that is created for the signature being added.
NotEmbeddedThe certificate in not embedded in the package.

If the certificate is NotEmbedded in the package, an application that verifies signatures must provide a copy of the certificate in order to verify the signatures that are signed by it.

InSignaturePart adds two informational elements, <KeyName> and <KeyValue>, as part of the KeyInfo field of the stored digital signature. The <KeyName> and <KeyValue> elements are not processed as part of signature validation and are therefore not secure from modification. Applications should not make any assumption regarding the validity of these two elements. To avoid undetected modification and possible confusion, applications should use the InCertificatePart option instead of InSignaturePart. The InCertificatePart option does not provide or expose either <KeyName> or <KeyValue>.


The following example shows how to use CertificateEmbeddingOption in order to set the PackageDigitalSignatureManager. CertificateOption property. For the complete sample, see Creating a Package with a Digital Signature Sample.

Version Information

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1