CertificateEmbeddingOption Enum

Definition

Specifies the location where the X.509 certificate that is used in signing is stored.

public enum class CertificateEmbeddingOption
public enum CertificateEmbeddingOption
type CertificateEmbeddingOption = 
Public Enum CertificateEmbeddingOption
Inheritance
CertificateEmbeddingOption

Fields

InCertificatePart 0

The certificate is embedded in its own PackagePart.

InSignaturePart 1

The certificate is embedded in the SignaturePart that is created for the signature being added.

NotEmbedded 2

The certificate is not embedded in the package.

Examples

The following example shows how to use CertificateEmbeddingOption in order to set the PackageDigitalSignatureManager.CertificateOption property.

using System;
using System.IO.Packaging;
using System.Security.Cryptography;
using System.Windows;

private static void SignAllParts(Package package)
{
    if (package == null)
        throw new ArgumentNullException(nameof(package));

    // Create the DigitalSignature Manager
    PackageDigitalSignatureManager dsm =
        new PackageDigitalSignatureManager(package);
    dsm.CertificateOption =
        CertificateEmbeddingOption.InSignaturePart;

    // Create a list of all the part URIs in the package to sign
    // (GetParts() also includes PackageRelationship parts).
    System.Collections.Generic.List<Uri> toSign =
        new System.Collections.Generic.List<Uri>();
    foreach (PackagePart packagePart in package.GetParts())
    {
        // Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri);
    }

    // Add the URI for SignatureOrigin PackageRelationship part.
    // The SignatureOrigin relationship is created when Sign() is called.
    // Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

    // Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin);

    // Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    // Sign() will prompt the user to select a Certificate to sign with.
    try
    {
        dsm.Sign(toSign);
    }

    // If there are no certificates or the SmartCard manager is
    // not running, catch the exception and show an error message.
    catch (CryptographicException ex)
    {
        MessageBox.Show(
            "Cannot Sign\n" + ex.Message,
            "No Digital Certificates Available",
            MessageBoxButton.OK,
            MessageBoxImage.Exclamation);
    }

}// end:SignAllParts()

Imports System
Imports System.IO.Packaging
Imports System.Security.Cryptography
Imports System.Windows

Private Shared Sub SignAllParts(ByVal package As Package)
    If package Is Nothing Then
        Throw New ArgumentNullException(NameOf(package))
    End If

    ' Create the DigitalSignature Manager
    Dim dsm As New PackageDigitalSignatureManager(package)
    dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart

    ' Create a list of all the part URIs in the package to sign
    ' (GetParts() also includes PackageRelationship parts).
    Dim toSign As New System.Collections.Generic.List(Of Uri)()
    For Each packagePart As PackagePart In package.GetParts()
        ' Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri)
    Next

    ' Add the URI for SignatureOrigin PackageRelationship part.
    ' The SignatureOrigin relationship is created when Sign() is called.
    ' Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin))

    ' Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin)

    ' Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(New Uri("/", UriKind.RelativeOrAbsolute)))

    ' Sign() will prompt the user to select a Certificate to sign with.
    Try
        dsm.Sign(toSign)
    Catch ex As CryptographicException

        ' If there are no certificates or the SmartCard manager is
        ' not running, catch the exception and show an error message.
        MessageBox.Show("Cannot Sign" & vbLf & ex.Message, "No Digital Certificates Available", MessageBoxButton.OK, MessageBoxImage.Exclamation)

    End Try
End Sub
Private Shared Function InlineAssignHelper(Of T)(ByRef target As T, ByVal value As T) As T
    target = value
    Return value
End Function
' end:SignAllParts()

Remarks

If the certificate is NotEmbedded in the package, an application that verifies signatures must provide a copy of the certificate in order to verify the signatures that are signed by it.

InSignaturePart adds two informational elements, <KeyName> and <KeyValue>, as part of the KeyInfo field of the stored digital signature. The <KeyName> and <KeyValue> elements are not processed as part of signature validation and are therefore not secure from modification. Applications should not make any assumption regarding the validity of these two elements. To avoid undetected modification and possible confusion, applications should use the InCertificatePart option instead of InSignaturePart. The InCertificatePart option does not provide or expose either <KeyName> or <KeyValue>.
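The verification side of these remarks, as an added example that is not part of the original documentation: it supplies an out-of-band certificate for NotEmbedded signatures and takes the signer's identity only from the certificate that validated the signature, never from <KeyName> or <KeyValue>. The names PackageSignatureCheck, VerifyAllSignatures and trustedSigner are assumptions chosen for illustration.

```csharp
using System;
using System.IO.Packaging;
using System.Security.Cryptography.X509Certificates;

static class PackageSignatureCheck   // hypothetical helper, not a framework type
{
    // Returns true only if the package is signed, every signature validates,
    // and every signing certificate chains to a trusted root.
    // trustedSigner (assumed parameter) is the caller's own copy of the
    // signing certificate, needed for signatures stored as NotEmbedded.
    public static bool VerifyAllSignatures(Package package, X509Certificate2 trustedSigner)
    {
        if (package == null) throw new ArgumentNullException(nameof(package));

        var dsm = new PackageDigitalSignatureManager(package);
        if (!dsm.IsSigned) return false;

        foreach (PackageDigitalSignature sig in dsm.Signatures)
        {
            X509Certificate cert;
            VerifyResult result;

            if (sig.CertificateEmbeddingOption == CertificateEmbeddingOption.NotEmbedded)
            {
                // Nothing in the package to verify against: the verifier
                // must bring the certificate itself.
                if (trustedSigner == null) return false;
                cert = trustedSigner;
                result = sig.Verify(trustedSigner);
            }
            else
            {
                // InCertificatePart or InSignaturePart: use the embedded
                // certificate. Verify() returns CertificateRequired if absent.
                cert = sig.Signer;
                result = sig.Verify();
            }

            if (result != VerifyResult.Success || cert == null) return false;

            // A valid signature only proves possession of the private key.
            // Establish trust from the certificate chain; <KeyName> and
            // <KeyValue> are unprotected and are never consulted here.
            if (PackageDigitalSignatureManager.VerifyCertificate(cert) != X509ChainStatusFlags.NoError)
                return false;
        }
        return true;
    }
}
```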
