CertificateEmbeddingOption CertificateEmbeddingOption CertificateEmbeddingOption CertificateEmbeddingOption Enum


指定一个位置,其中存储了签名时所用的 X.509 证书。Specifies the location where the X.509 certificate that is used in signing is stored.

public enum class CertificateEmbeddingOption
public enum CertificateEmbeddingOption
type CertificateEmbeddingOption = 
Public Enum CertificateEmbeddingOption


InCertificatePart InCertificatePart InCertificatePart InCertificatePart 0

该证书嵌入在自己的 PackagePart 中。The certificate is embedded in its own PackagePart.

InSignaturePart InSignaturePart InSignaturePart InSignaturePart 1

该证书嵌入到为要添加的签名创建的 SignaturePart 中。The certificate is embedded in the SignaturePart that is created for the signature being added.

NotEmbedded NotEmbedded NotEmbedded NotEmbedded 2

包中未嵌入证书。The certificate in not embedded in the package.


下面的示例演示如何使用InSignaturePart以便设置PackageDigitalSignatureManagerCertificateOptionThe following example shows how to use InSignaturePart in order to set the PackageDigitalSignatureManager.CertificateOption 属性。property. 有关完整示例,请参阅使用数字签名示例创建一个包For the complete sample, see Creating a Package with a Digital Signature Sample.


如果证书 NotEmbedded 包中,验证签名的应用程序必须提供证书的副本,以验证由它签名的签名。If the certificate is NotEmbedded in the package, an application that verifies signatures must provide a copy of the certificate in order to verify the signatures that are signed by it.

InSignaturePart 添加两个信息性元素<KeyName><KeyValue>,作为的一部分KeyInfo字段存储的数字签名。InSignaturePart adds two informational elements, <KeyName> and <KeyValue>, as part of the KeyInfo field of the stored digital signature. <KeyName><KeyValue>元素不会处理作为签名验证的一部分,因此不安全的即使修改。The <KeyName> and <KeyValue> elements are not processed as part of signature validation and are therefore not secure from modification. 应用程序不应造成任何假设这两个元素的有效性。Applications should not make any assumption regarding the validity of these two elements. 为了避免未检测到的修改和可能的混淆,应用程序应使用而不是 InSignaturePart InCertificatePart 选项。To avoid undetected modification and possible confusion, applications should use the InCertificatePart option instead of InSignaturePart. InCertificatePart 选项并未提供或公开任一<KeyName><KeyValue>The InCertificatePart option does not provide or expose either <KeyName> or <KeyValue>.