CertificateEmbeddingOption CertificateEmbeddingOption CertificateEmbeddingOption CertificateEmbeddingOption Enum


Specifies the location where the X.509 certificate that is used in signing is stored.

public enum class CertificateEmbeddingOption
public enum CertificateEmbeddingOption
type CertificateEmbeddingOption = 
Public Enum CertificateEmbeddingOption


InCertificatePart InCertificatePart InCertificatePart InCertificatePart 0

The certificate is embedded in its own PackagePart.

InSignaturePart InSignaturePart InSignaturePart InSignaturePart 1

The certificate is embedded in the SignaturePart that is created for the signature being added.

NotEmbedded NotEmbedded NotEmbedded NotEmbedded 2

The certificate in not embedded in the package.


The following example shows how to use InSignaturePart in order to set the PackageDigitalSignatureManager.CertificateOption property. For the complete sample, see Creating a Package with a Digital Signature Sample.


If the certificate is NotEmbedded in the package, an application that verifies signatures must provide a copy of the certificate in order to verify the signatures that are signed by it.

InSignaturePart adds two informational elements, <KeyName> and <KeyValue>, as part of the KeyInfo field of the stored digital signature. The <KeyName> and <KeyValue> elements are not processed as part of signature validation and are therefore not secure from modification. Applications should not make any assumption regarding the validity of these two elements. To avoid undetected modification and possible confusion, applications should use the InCertificatePart option instead of InSignaturePart. The InCertificatePart option does not provide or expose either <KeyName> or <KeyValue>.

Applies to

See also