CertificateEmbeddingOption Enum

Definition

Specifies the location where the X.509 certificate that is used in signing is stored.

public enum class CertificateEmbeddingOption
public enum CertificateEmbeddingOption
type CertificateEmbeddingOption = 
Public Enum CertificateEmbeddingOption
Inheritance
CertificateEmbeddingOption

Fields

InCertificatePart 0

The certificate is embedded in its own PackagePart.

InSignaturePart 1

The certificate is embedded in the SignaturePart that is created for the signature being added.

NotEmbedded 2

The certificate is not embedded in the package.

Examples

The following example shows how to use CertificateEmbeddingOption to set the PackageDigitalSignatureManager.CertificateOption property.

private static void SignAllParts(Package package)
{
    if (package == null)
        throw new ArgumentNullException("SignAllParts(package)");

    // Create the DigitalSignature Manager
    PackageDigitalSignatureManager dsm =
        new PackageDigitalSignatureManager(package);
    dsm.CertificateOption =
        CertificateEmbeddingOption.InSignaturePart;

    // Create a list of all the part URIs in the package to sign
    // (GetParts() also includes PackageRelationship parts).
    System.Collections.Generic.List<Uri> toSign =
        new System.Collections.Generic.List<Uri>();
    foreach (PackagePart packagePart in package.GetParts())
    {
        // Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri);
    }

    // Add the URI for SignatureOrigin PackageRelationship part.
    // The SignatureOrigin relationship is created when Sign() is called.
    // Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

    // Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin);

    // Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    // Sign() will prompt the user to select a Certificate to sign with.
    try
    {
        dsm.Sign(toSign);
    }

    // If there are no certificates or the SmartCard manager is
    // not running, catch the exception and show an error message.
    catch (CryptographicException ex)
    {
        MessageBox.Show(
            "Cannot Sign\n" + ex.Message,
            "No Digital Certificates Available",
            MessageBoxButton.OK,
            MessageBoxImage.Exclamation);
    }

}// end:SignAllParts()

Private Shared Sub SignAllParts(ByVal package As Package)
    If package Is Nothing Then
        Throw New ArgumentNullException("SignAllParts(package)")
    End If

    ' Create the DigitalSignature Manager
    Dim dsm As New PackageDigitalSignatureManager(package)
    dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart

    ' Create a list of all the part URIs in the package to sign
    ' (GetParts() also includes PackageRelationship parts).
    Dim toSign As New System.Collections.Generic.List(Of Uri)()
    For Each packagePart As PackagePart In package.GetParts()
        ' Add all package parts to the list for signing.
        toSign.Add(packagePart.Uri)
    Next

    ' Add the URI for SignatureOrigin PackageRelationship part.
    ' The SignatureOrigin relationship is created when Sign() is called.
    ' Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin))

    ' Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin)

    ' Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(New Uri("/", UriKind.RelativeOrAbsolute)))

    ' Sign() will prompt the user to select a Certificate to sign with.
    Try
        dsm.Sign(toSign)
    Catch ex As CryptographicException

        ' If there are no certificates or the SmartCard manager is
        ' not running, catch the exception and show an error message.
        MessageBox.Show("Cannot Sign" & vbLf & ex.Message, "No Digital Certificates Available", MessageBoxButton.OK, MessageBoxImage.Exclamation)

    End Try
End Sub
Private Shared Function InlineAssignHelper(Of T)(ByRef target As T, ByVal value As T) As T
    target = value
    Return value
End Function
' end:SignAllParts()

Remarks

If the certificate is NotEmbedded in the package, an application that verifies signatures must provide a copy of the certificate in order to verify the signatures that are signed by it.

InSignaturePart adds two informational elements, <KeyName> and <KeyValue>, as part of the KeyInfo field of the stored digital signature. The <KeyName> and <KeyValue> elements are not processed as part of signature validation and are therefore not secure from modification. Applications should not make any assumption regarding the validity of these two elements. To avoid undetected modification and possible confusion, applications should use the InCertificatePart option instead of InSignaturePart. The InCertificatePart option does not provide or expose either <KeyName> or <KeyValue>.
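The following added example (not part of the original documentation) applies these remarks: it signs with InCertificatePart and verifies each signature against a certificate the verifier already holds, so nothing stored in the package decides who the signer is. PackageSigningPolicy, SignWithCertificatePart, VerifyWithPinnedSigner and the trustedSigner parameter are hypothetical names; unlike the sample above, the signing helper covers only the existing parts and leaves out the signature-origin relationships.

```csharp
using System;
using System.Collections.Generic;
using System.IO.Packaging;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added illustration; the class and method names are hypothetical.
static class PackageSigningPolicy
{
    // Sign every existing part and store the certificate in its own
    // PackagePart, so no <KeyName>/<KeyValue> elements are written.
    public static void SignWithCertificatePart(Package package, X509Certificate2 signingCert)
    {
        var dsm = new PackageDigitalSignatureManager(package)
        {
            CertificateOption = CertificateEmbeddingOption.InCertificatePart
        };
        List<Uri> toSign = package.GetParts().Select(p => p.Uri).ToList();
        dsm.Sign(toSign, signingCert);
    }

    // Accept the package only if every signature verifies under a certificate
    // the verifier already trusts (assumed to be obtained out of band).
    public static bool VerifyWithPinnedSigner(Package package, X509Certificate2 trustedSigner)
    {
        var dsm = new PackageDigitalSignatureManager(package);
        if (!dsm.IsSigned)
            return false;

        foreach (PackageDigitalSignature sig in dsm.Signatures)
        {
            // An embedded certificate must be byte-for-byte the pinned one;
            // with NotEmbedded there is nothing in the package to compare.
            if (sig.CertificateEmbeddingOption != CertificateEmbeddingOption.NotEmbedded)
            {
                X509Certificate embedded = sig.Signer;
                if (embedded == null ||
                    !embedded.GetRawCertData().SequenceEqual(trustedSigner.RawData))
                    return false;
            }

            // Verify with the pinned certificate's key, not with key
            // material taken from the package.
            if (sig.Verify(trustedSigner) != VerifyResult.Success)
                return false;
        }
        return true;
    }
}
```

A verifier that also needs chain validation can pass the certificate to the static PackageDigitalSignatureManager.VerifyCertificate method and require X509ChainStatusFlags.NoError.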
