PackageDigitalSignatureManager.Sign PackageDigitalSignatureManager.Sign PackageDigitalSignatureManager.Sign PackageDigitalSignatureManager.Sign Method

Definition

Signs a list of package parts with a specified X.509 certificate.

Overloads

Sign(IEnumerable<Uri>) Sign(IEnumerable<Uri>) Sign(IEnumerable<Uri>) Sign(IEnumerable<Uri>)

Prompts the user for an X.509 certificate, which is then used to digitally sign a specified list of package parts.

Sign(IEnumerable<Uri>, X509Certificate) Sign(IEnumerable<Uri>, X509Certificate) Sign(IEnumerable<Uri>, X509Certificate) Sign(IEnumerable<Uri>, X509Certificate)

Signs a list of package parts with a given X.509 certificate.

Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>)

Signs a list of package parts and package relationships with a given X.509 certificate.

Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String)

Signs a list of package parts and package relationships with a given X.509 certificate and identifier (ID).

Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String, IEnumerable<DataObject>, IEnumerable<Reference>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String, IEnumerable<DataObject>, IEnumerable<Reference>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String, IEnumerable<DataObject>, IEnumerable<Reference>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String, IEnumerable<DataObject>, IEnumerable<Reference>)

Signs a list of package parts, package relationships, or custom objects with a specified X.509 certificate and signature identifier (ID).

Examples

The following example shows the steps to digitally sign a list of parts within a Package. For the complete sample, see Creating a Package with a Digital Signature Sample.

private static void SignAllParts(Package package)
{
    if (package == null)
        throw new ArgumentNullException("SignAllParts(package)");

    // Create the DigitalSignature Manager
    PackageDigitalSignatureManager dsm =
        new PackageDigitalSignatureManager(package);
    dsm.CertificateOption =
        CertificateEmbeddingOption.InSignaturePart;

    // Create a list of all the part URIs in the package to sign
    // (GetParts() also includes PackageRelationship parts).
    System.Collections.Generic.List<Uri> toSign =
        new System.Collections.Generic.List<Uri>();
    foreach (PackagePart packagePart in package.GetParts())
    {
        // Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri);
    }

    // Add the URI for SignatureOrigin PackageRelationship part.
    // The SignatureOrigin relationship is created when Sign() is called.
    // Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

    // Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin);

    // Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    // Sign() will prompt the user to select a Certificate to sign with.
    try
    {
        dsm.Sign(toSign);
    }

    // If there are no certificates or the SmartCard manager is
    // not running, catch the exception and show an error message.
    catch (CryptographicException ex)
    {
        MessageBox.Show(
            "Cannot Sign\n" + ex.Message,
            "No Digital Certificates Available",
            MessageBoxButton.OK,
            MessageBoxImage.Exclamation);
    }

}// end:SignAllParts()

Private Shared Sub SignAllParts(ByVal package As Package)
    If package Is Nothing Then
        Throw New ArgumentNullException("SignAllParts(package)")
    End If

    ' Create the DigitalSignature Manager
    Dim dsm As New PackageDigitalSignatureManager(package)
    dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart

    ' Create a list of all the part URIs in the package to sign
    ' (GetParts() also includes PackageRelationship parts).
    Dim toSign As New System.Collections.Generic.List(Of Uri)()
    For Each packagePart As PackagePart In package.GetParts()
        ' Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri)
    Next

    ' Add the URI for SignatureOrigin PackageRelationship part.
    ' The SignatureOrigin relationship is created when Sign() is called.
    ' Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin))

    ' Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin)

    ' Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(New Uri("/", UriKind.RelativeOrAbsolute)))

    ' Sign() will prompt the user to select a Certificate to sign with.
    Try
        dsm.Sign(toSign)
    Catch ex As CryptographicException

        ' If there are no certificates or the SmartCard manager is
        ' not running, catch the exception and show an error message.
        MessageBox.Show("Cannot Sign" & vbLf & ex.Message, "No Digital Certificates Available", MessageBoxButton.OK, MessageBoxImage.Exclamation)

    End Try
End Sub
Private Shared Function InlineAssignHelper(Of T)(ByRef target As T, ByVal value As T) As T
    target = value
    Return value
End Function
' end:SignAllParts()

Sign(IEnumerable<Uri>) Sign(IEnumerable<Uri>) Sign(IEnumerable<Uri>) Sign(IEnumerable<Uri>)

Prompts the user for an X.509 certificate, which is then used to digitally sign a specified list of package parts.

public:
 System::IO::Packaging::PackageDigitalSignature ^ Sign(System::Collections::Generic::IEnumerable<Uri ^> ^ parts);
public System.IO.Packaging.PackageDigitalSignature Sign (System.Collections.Generic.IEnumerable<Uri> parts);
member this.Sign : seq<Uri> -> System.IO.Packaging.PackageDigitalSignature
Public Function Sign (parts As IEnumerable(Of Uri)) As PackageDigitalSignature

Parameters

parts
IEnumerable<Uri>

The list of uniform resource identifiers (URIs) for the PackagePart elements to sign.

Returns

Examples

The following example shows how to digitally sign a list of package parts. For the complete sample, see the Creating a Package with a Digital Signature Sample.

private static void SignAllParts(Package package)
{
    if (package == null)
        throw new ArgumentNullException("SignAllParts(package)");

    // Create the DigitalSignature Manager
    PackageDigitalSignatureManager dsm =
        new PackageDigitalSignatureManager(package);
    dsm.CertificateOption =
        CertificateEmbeddingOption.InSignaturePart;

    // Create a list of all the part URIs in the package to sign
    // (GetParts() also includes PackageRelationship parts).
    System.Collections.Generic.List<Uri> toSign =
        new System.Collections.Generic.List<Uri>();
    foreach (PackagePart packagePart in package.GetParts())
    {
        // Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri);
    }

    // Add the URI for SignatureOrigin PackageRelationship part.
    // The SignatureOrigin relationship is created when Sign() is called.
    // Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

    // Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin);

    // Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    // Sign() will prompt the user to select a Certificate to sign with.
    try
    {
        dsm.Sign(toSign);
    }

    // If there are no certificates or the SmartCard manager is
    // not running, catch the exception and show an error message.
    catch (CryptographicException ex)
    {
        MessageBox.Show(
            "Cannot Sign\n" + ex.Message,
            "No Digital Certificates Available",
            MessageBoxButton.OK,
            MessageBoxImage.Exclamation);
    }

}// end:SignAllParts()

Private Shared Sub SignAllParts(ByVal package As Package)
    If package Is Nothing Then
        Throw New ArgumentNullException("SignAllParts(package)")
    End If

    ' Create the DigitalSignature Manager
    Dim dsm As New PackageDigitalSignatureManager(package)
    dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart

    ' Create a list of all the part URIs in the package to sign
    ' (GetParts() also includes PackageRelationship parts).
    Dim toSign As New System.Collections.Generic.List(Of Uri)()
    For Each packagePart As PackagePart In package.GetParts()
        ' Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri)
    Next

    ' Add the URI for SignatureOrigin PackageRelationship part.
    ' The SignatureOrigin relationship is created when Sign() is called.
    ' Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin))

    ' Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin)

    ' Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(New Uri("/", UriKind.RelativeOrAbsolute)))

    ' Sign() will prompt the user to select a Certificate to sign with.
    Try
        dsm.Sign(toSign)
    Catch ex As CryptographicException

        ' If there are no certificates or the SmartCard manager is
        ' not running, catch the exception and show an error message.
        MessageBox.Show("Cannot Sign" & vbLf & ex.Message, "No Digital Certificates Available", MessageBoxButton.OK, MessageBoxImage.Exclamation)

    End Try
End Sub
Private Shared Function InlineAssignHelper(Of T)(ByRef target As T, ByVal value As T) As T
    target = value
    Return value
End Function
' end:SignAllParts()

Remarks

To make the certificate selection dialog modal to a particular window, set the ParentWindow property before calling Sign.

Sign will not prompt for certificates if there are none in the default certificate store.

See also

Sign(IEnumerable<Uri>, X509Certificate) Sign(IEnumerable<Uri>, X509Certificate) Sign(IEnumerable<Uri>, X509Certificate) Sign(IEnumerable<Uri>, X509Certificate)

Signs a list of package parts with a given X.509 certificate.

public:
 System::IO::Packaging::PackageDigitalSignature ^ Sign(System::Collections::Generic::IEnumerable<Uri ^> ^ parts, System::Security::Cryptography::X509Certificates::X509Certificate ^ certificate);
public System.IO.Packaging.PackageDigitalSignature Sign (System.Collections.Generic.IEnumerable<Uri> parts, System.Security.Cryptography.X509Certificates.X509Certificate certificate);
member this.Sign : seq<Uri> * System.Security.Cryptography.X509Certificates.X509Certificate -> System.IO.Packaging.PackageDigitalSignature
Public Function Sign (parts As IEnumerable(Of Uri), certificate As X509Certificate) As PackageDigitalSignature

Parameters

parts
IEnumerable<Uri>

The list of uniform resource identifiers (URIs) for the PackagePart elements to sign.

certificate
X509Certificate X509Certificate X509Certificate X509Certificate

The X.509 certificate to use to digitally sign each of the specified parts.

Returns

The digital signature used to sign the given list of parts; or null if no certificate could be found or the user clicked "Cancel" in the certificate selection dialog box.

Examples

The following example shows how to digitally sign a list of parts within a Package. For the complete example, see the Creating a Package with a Digital Signature Sample.

private static void SignAllParts(Package package)
{
    if (package == null)
        throw new ArgumentNullException("SignAllParts(package)");

    // Create the DigitalSignature Manager
    PackageDigitalSignatureManager dsm =
        new PackageDigitalSignatureManager(package);
    dsm.CertificateOption =
        CertificateEmbeddingOption.InSignaturePart;

    // Create a list of all the part URIs in the package to sign
    // (GetParts() also includes PackageRelationship parts).
    System.Collections.Generic.List<Uri> toSign =
        new System.Collections.Generic.List<Uri>();
    foreach (PackagePart packagePart in package.GetParts())
    {
        // Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri);
    }

    // Add the URI for SignatureOrigin PackageRelationship part.
    // The SignatureOrigin relationship is created when Sign() is called.
    // Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

    // Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin);

    // Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    // Sign() will prompt the user to select a Certificate to sign with.
    try
    {
        dsm.Sign(toSign);
    }

    // If there are no certificates or the SmartCard manager is
    // not running, catch the exception and show an error message.
    catch (CryptographicException ex)
    {
        MessageBox.Show(
            "Cannot Sign\n" + ex.Message,
            "No Digital Certificates Available",
            MessageBoxButton.OK,
            MessageBoxImage.Exclamation);
    }

}// end:SignAllParts()

Private Shared Sub SignAllParts(ByVal package As Package)
    If package Is Nothing Then
        Throw New ArgumentNullException("SignAllParts(package)")
    End If

    ' Create the DigitalSignature Manager
    Dim dsm As New PackageDigitalSignatureManager(package)
    dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart

    ' Create a list of all the part URIs in the package to sign
    ' (GetParts() also includes PackageRelationship parts).
    Dim toSign As New System.Collections.Generic.List(Of Uri)()
    For Each packagePart As PackagePart In package.GetParts()
        ' Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri)
    Next

    ' Add the URI for SignatureOrigin PackageRelationship part.
    ' The SignatureOrigin relationship is created when Sign() is called.
    ' Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin))

    ' Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin)

    ' Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(New Uri("/", UriKind.RelativeOrAbsolute)))

    ' Sign() will prompt the user to select a Certificate to sign with.
    Try
        dsm.Sign(toSign)
    Catch ex As CryptographicException

        ' If there are no certificates or the SmartCard manager is
        ' not running, catch the exception and show an error message.
        MessageBox.Show("Cannot Sign" & vbLf & ex.Message, "No Digital Certificates Available", MessageBoxButton.OK, MessageBoxImage.Exclamation)

    End Try
End Sub
Private Shared Function InlineAssignHelper(Of T)(ByRef target As T, ByVal value As T) As T
    target = value
    Return value
End Function
' end:SignAllParts()
See also

Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>)

Signs a list of package parts and package relationships with a given X.509 certificate.

public:
 System::IO::Packaging::PackageDigitalSignature ^ Sign(System::Collections::Generic::IEnumerable<Uri ^> ^ parts, System::Security::Cryptography::X509Certificates::X509Certificate ^ certificate, System::Collections::Generic::IEnumerable<System::IO::Packaging::PackageRelationshipSelector ^> ^ relationshipSelectors);
public System.IO.Packaging.PackageDigitalSignature Sign (System.Collections.Generic.IEnumerable<Uri> parts, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Collections.Generic.IEnumerable<System.IO.Packaging.PackageRelationshipSelector> relationshipSelectors);
member this.Sign : seq<Uri> * System.Security.Cryptography.X509Certificates.X509Certificate * seq<System.IO.Packaging.PackageRelationshipSelector> -> System.IO.Packaging.PackageDigitalSignature
Public Function Sign (parts As IEnumerable(Of Uri), certificate As X509Certificate, relationshipSelectors As IEnumerable(Of PackageRelationshipSelector)) As PackageDigitalSignature

Parameters

parts
IEnumerable<Uri>

The list of uniform resource identifiers (URIs) for the PackagePart objects to sign.

certificate
X509Certificate X509Certificate X509Certificate X509Certificate

The X.509 certificate to use to digitally sign each of the specified parts and relationships.

relationshipSelectors
IEnumerable<PackageRelationshipSelector>

The list of PackageRelationship objects to sign.

Returns

The digital signature used to sign the elements specified in the parts and relationshipSelectors lists.

Exceptions

Neither parts nor relationshipSelectors specify any objects to sign.

Examples

The following example shows how to digitally sign a list of package parts. For the complete sample, see the Creating a Package with a Digital Signature Sample.

private static void SignAllParts(Package package)
{
    if (package == null)
        throw new ArgumentNullException("SignAllParts(package)");

    // Create the DigitalSignature Manager
    PackageDigitalSignatureManager dsm =
        new PackageDigitalSignatureManager(package);
    dsm.CertificateOption =
        CertificateEmbeddingOption.InSignaturePart;

    // Create a list of all the part URIs in the package to sign
    // (GetParts() also includes PackageRelationship parts).
    System.Collections.Generic.List<Uri> toSign =
        new System.Collections.Generic.List<Uri>();
    foreach (PackagePart packagePart in package.GetParts())
    {
        // Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri);
    }

    // Add the URI for SignatureOrigin PackageRelationship part.
    // The SignatureOrigin relationship is created when Sign() is called.
    // Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

    // Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin);

    // Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    // Sign() will prompt the user to select a Certificate to sign with.
    try
    {
        dsm.Sign(toSign);
    }

    // If there are no certificates or the SmartCard manager is
    // not running, catch the exception and show an error message.
    catch (CryptographicException ex)
    {
        MessageBox.Show(
            "Cannot Sign\n" + ex.Message,
            "No Digital Certificates Available",
            MessageBoxButton.OK,
            MessageBoxImage.Exclamation);
    }

}// end:SignAllParts()

Private Shared Sub SignAllParts(ByVal package As Package)
    If package Is Nothing Then
        Throw New ArgumentNullException("SignAllParts(package)")
    End If

    ' Create the DigitalSignature Manager
    Dim dsm As New PackageDigitalSignatureManager(package)
    dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart

    ' Create a list of all the part URIs in the package to sign
    ' (GetParts() also includes PackageRelationship parts).
    Dim toSign As New System.Collections.Generic.List(Of Uri)()
    For Each packagePart As PackagePart In package.GetParts()
        ' Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri)
    Next

    ' Add the URI for SignatureOrigin PackageRelationship part.
    ' The SignatureOrigin relationship is created when Sign() is called.
    ' Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin))

    ' Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin)

    ' Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(New Uri("/", UriKind.RelativeOrAbsolute)))

    ' Sign() will prompt the user to select a Certificate to sign with.
    Try
        dsm.Sign(toSign)
    Catch ex As CryptographicException

        ' If there are no certificates or the SmartCard manager is
        ' not running, catch the exception and show an error message.
        MessageBox.Show("Cannot Sign" & vbLf & ex.Message, "No Digital Certificates Available", MessageBoxButton.OK, MessageBoxImage.Exclamation)

    End Try
End Sub
Private Shared Function InlineAssignHelper(Of T)(ByRef target As T, ByVal value As T) As T
    target = value
    Return value
End Function
' end:SignAllParts()

Remarks

Between parts and relationshipSelectors there must be at least one element to sign.

See also

Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String)

Signs a list of package parts and package relationships with a given X.509 certificate and identifier (ID).

public:
 System::IO::Packaging::PackageDigitalSignature ^ Sign(System::Collections::Generic::IEnumerable<Uri ^> ^ parts, System::Security::Cryptography::X509Certificates::X509Certificate ^ certificate, System::Collections::Generic::IEnumerable<System::IO::Packaging::PackageRelationshipSelector ^> ^ relationshipSelectors, System::String ^ signatureId);
public System.IO.Packaging.PackageDigitalSignature Sign (System.Collections.Generic.IEnumerable<Uri> parts, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Collections.Generic.IEnumerable<System.IO.Packaging.PackageRelationshipSelector> relationshipSelectors, string signatureId);
member this.Sign : seq<Uri> * System.Security.Cryptography.X509Certificates.X509Certificate * seq<System.IO.Packaging.PackageRelationshipSelector> * string -> System.IO.Packaging.PackageDigitalSignature
Public Function Sign (parts As IEnumerable(Of Uri), certificate As X509Certificate, relationshipSelectors As IEnumerable(Of PackageRelationshipSelector), signatureId As String) As PackageDigitalSignature

Parameters

parts
IEnumerable<Uri>

The list of uniform resource identifiers (URIs) for the PackagePart objects to sign.

certificate
X509Certificate X509Certificate X509Certificate X509Certificate

The X.509 certificate to use to digitally sign each of the specified parts and relationships.

relationshipSelectors
IEnumerable<PackageRelationshipSelector>

The list of PackageRelationship objects to sign.

signatureId
String String String String

An identification string to associate with the signature.

Returns

The digital signature used to sign the elements specified in the parts and relationshipSelectors lists.

Exceptions

Neither parts nor relationshipSelectors specify any elements to sign.

Examples

The following example shows how to digitally sign a list of package parts. For the complete sample, see the Creating a Package with a Digital Signature Sample.

private static void SignAllParts(Package package)
{
    if (package == null)
        throw new ArgumentNullException("SignAllParts(package)");

    // Create the DigitalSignature Manager
    PackageDigitalSignatureManager dsm =
        new PackageDigitalSignatureManager(package);
    dsm.CertificateOption =
        CertificateEmbeddingOption.InSignaturePart;

    // Create a list of all the part URIs in the package to sign
    // (GetParts() also includes PackageRelationship parts).
    System.Collections.Generic.List<Uri> toSign =
        new System.Collections.Generic.List<Uri>();
    foreach (PackagePart packagePart in package.GetParts())
    {
        // Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri);
    }

    // Add the URI for SignatureOrigin PackageRelationship part.
    // The SignatureOrigin relationship is created when Sign() is called.
    // Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

    // Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin);

    // Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    // Sign() will prompt the user to select a Certificate to sign with.
    try
    {
        dsm.Sign(toSign);
    }

    // If there are no certificates or the SmartCard manager is
    // not running, catch the exception and show an error message.
    catch (CryptographicException ex)
    {
        MessageBox.Show(
            "Cannot Sign\n" + ex.Message,
            "No Digital Certificates Available",
            MessageBoxButton.OK,
            MessageBoxImage.Exclamation);
    }

}// end:SignAllParts()

Private Shared Sub SignAllParts(ByVal package As Package)
    If package Is Nothing Then
        Throw New ArgumentNullException("SignAllParts(package)")
    End If

    ' Create the DigitalSignature Manager
    Dim dsm As New PackageDigitalSignatureManager(package)
    dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart

    ' Create a list of all the part URIs in the package to sign
    ' (GetParts() also includes PackageRelationship parts).
    Dim toSign As New System.Collections.Generic.List(Of Uri)()
    For Each packagePart As PackagePart In package.GetParts()
        ' Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri)
    Next

    ' Add the URI for SignatureOrigin PackageRelationship part.
    ' The SignatureOrigin relationship is created when Sign() is called.
    ' Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin))

    ' Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin)

    ' Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(New Uri("/", UriKind.RelativeOrAbsolute)))

    ' Sign() will prompt the user to select a Certificate to sign with.
    Try
        dsm.Sign(toSign)
    Catch ex As CryptographicException

        ' If there are no certificates or the SmartCard manager is
        ' not running, catch the exception and show an error message.
        MessageBox.Show("Cannot Sign" & vbLf & ex.Message, "No Digital Certificates Available", MessageBoxButton.OK, MessageBoxImage.Exclamation)

    End Try
End Sub
Private Shared Function InlineAssignHelper(Of T)(ByRef target As T, ByVal value As T) As T
    target = value
    Return value
End Function
' end:SignAllParts()

Remarks

The parts list can be empty or null if relationshipSelectors contains at least one entry.

The relationshipSelectors list can be empty or null if parts contains at least one entry.

Between the parts list and relationshipSelectors there must be at least one element to sign.

See also

Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String, IEnumerable<DataObject>, IEnumerable<Reference>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String, IEnumerable<DataObject>, IEnumerable<Reference>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String, IEnumerable<DataObject>, IEnumerable<Reference>) Sign(IEnumerable<Uri>, X509Certificate, IEnumerable<PackageRelationshipSelector>, String, IEnumerable<DataObject>, IEnumerable<Reference>)

Signs a list of package parts, package relationships, or custom objects with a specified X.509 certificate and signature identifier (ID).

public:
 System::IO::Packaging::PackageDigitalSignature ^ Sign(System::Collections::Generic::IEnumerable<Uri ^> ^ parts, System::Security::Cryptography::X509Certificates::X509Certificate ^ certificate, System::Collections::Generic::IEnumerable<System::IO::Packaging::PackageRelationshipSelector ^> ^ relationshipSelectors, System::String ^ signatureId, System::Collections::Generic::IEnumerable<System::Security::Cryptography::Xml::DataObject ^> ^ signatureObjects, System::Collections::Generic::IEnumerable<System::Security::Cryptography::Xml::Reference ^> ^ objectReferences);
[System.Security.SecurityCritical]
public System.IO.Packaging.PackageDigitalSignature Sign (System.Collections.Generic.IEnumerable<Uri> parts, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Collections.Generic.IEnumerable<System.IO.Packaging.PackageRelationshipSelector> relationshipSelectors, string signatureId, System.Collections.Generic.IEnumerable<System.Security.Cryptography.Xml.DataObject> signatureObjects, System.Collections.Generic.IEnumerable<System.Security.Cryptography.Xml.Reference> objectReferences);
member this.Sign : seq<Uri> * System.Security.Cryptography.X509Certificates.X509Certificate * seq<System.IO.Packaging.PackageRelationshipSelector> * string * seq<System.Security.Cryptography.Xml.DataObject> * seq<System.Security.Cryptography.Xml.Reference> -> System.IO.Packaging.PackageDigitalSignature
Public Function Sign (parts As IEnumerable(Of Uri), certificate As X509Certificate, relationshipSelectors As IEnumerable(Of PackageRelationshipSelector), signatureId As String, signatureObjects As IEnumerable(Of DataObject), objectReferences As IEnumerable(Of Reference)) As PackageDigitalSignature

Parameters

parts
IEnumerable<Uri>

The list of uniform resource identifiers (URIs) for the PackagePart objects to sign.

certificate
X509Certificate X509Certificate X509Certificate X509Certificate

The X.509 certificate to use to digitally sign each of the specified parts and relationships.

relationshipSelectors
IEnumerable<PackageRelationshipSelector>

The list of PackageRelationship objects to sign.

signatureId
String String String String

An identification string to associate with the signature.

signatureObjects
IEnumerable<DataObject>

A list of custom data objects to sign.

objectReferences
IEnumerable<Reference>

A list of references to custom objects to sign.

Returns

The digital signature used to sign the elements specified in the parts and relationshipSelectors lists.

Exceptions

Neither parts, relationshipSelectors, signatureObjects, nor objectReferences specify any elements to sign.

signatureId is not null and is not a valid XML schema ID (for example, begins with a leading numeric digit).

Remarks

There must be at least one element to sign in parts, relationshipSelectors, signatureObjects, or objectReferences.

Note

The terms Object, Manifest, Reference, SignatureProperties, and Transform in the following two remarks refer to element types and tags defined by the W3C XML-Signature Syntax and Processing specification, see https://www.w3.org/TR/xmldsig-core/.

This and other Sign method overloads use the current TransformMapping dictionary that defines a Transform to apply based on the package part ContentType. The Microsoft Open Packaging Conventions (OPC) specification currently allows only two valid Transform algorithms: C14 and C14N. The W3C XML-Signature Syntax and Processing standard does not allow empty Manifest tags. Also the Open Packaging Conventions specification requires a Package-specific Object tag that contains both Manifest and SignatureProperties tags. Each Manifest tag additionally also include at least one Reference tag. These tags require that each signature sign at least one PackagePart (non-empty parts tag) or PackageRelationship (non-empty relationshipSelectors) even if the signature is needed only to sign signatureObjects or objectReferences.

This Sign method ignores the DigestMethod property associated with each Reference defined in objectReferences.

This Sign overload provides support for generation of XML signatures that require custom Object tags. For any provided Object tag to be signed, a corresponding Reference tag must be provided with a uniform resource identifier (URI) that specifies the Object tag in local fragment syntax. For example if the Object tag has an ID of "myObject", the URI in the Reference tag would be "#myObject". For unsigned objects, no Reference is required.

See also

Applies to