Digital Signatures using System.IO.Packaging Classes

Hi,

I used the following code from the Windows SDK to digitally sign Word Documents but When I open the Signed documents in Word, Word is complaining it can't verify the Signatures and I notices that the Package folder and relatinonship entries are different when using the Word UI to digitally sign a document compared to using the Packaging API, is there anything different that needs to be done compared to the code below from the June CTP of the Windows SDK ?

private void Sign(Package package)

{

string _digitalSignatureUri =

"/package/services/digital-signature/_rels/origin.psdsor.rels";

if (package == null)

throw new ArgumentNullException("SignAllParts(package)");

// Create the DigitalSignature Manager

PackageDigitalSignatureManager dsm =

new PackageDigitalSignatureManager(package);

dsm.CertificateOption =

CertificateEmbeddingOption.InSignaturePart;

// Create a list of all the part URIs in the package to sign

// (GetParts() also includes PackageRelationship parts).

System.Collections.Generic.List<Uri> toSign =

new System.Collections.Generic.List<Uri>();

foreach (PackagePart packagePart in package.GetParts())

{

// Add all package parts to the list for signing.

toSign.Add(packagePart.Uri);

}

// Add the URI for SignatureOrigin PackageRelationship part.

// The SignatureOrigin relationship is created when Sign() is called.

// Signing the SignatureOrigin relationship disables counter-signatures.

Uri uriPartSignatureOriginRelationship = PackUriHelper.CreatePartUri(

new Uri(_digitalSignatureUri, UriKind.Relative));

toSign.Add(uriPartSignatureOriginRelationship);

// Sign() will prompt the user to select a Certificate to sign with.

try

{

dsm.Sign(toSign);

}

// If there are no certificates or the SmartCard manager is

// not running, catch the exception and show an error message.

catch (CryptographicException ex)

{

MessageBox.Show(

"Cannot Sign\n" + ex.Message,

"No Digital Certificates Available",

MessageBoxButton.OK,

MessageBoxImage.Exclamation);

}

}

 

Thanks,

Krishna

Hi Krishna,

I've just tried your code and it works for me. I didn't add your _digitalSignatureUri to the list of parts to sign. It is different from how Word signs your document though, the signature created using the packaging API freezes the Word UI because the signed file shouldn't be modified.

I'll try and find out more details on this.

 

Thanks !, I think the relationships that Word creates is different from what the Packaging Classes does. For me when I sign using the above code (excluding the _digitalSignatureUri) and open in Word, Word sees the Signature but says it can't verify the signature. Also I noticed the amount of details Captured by Word during Signing (Time, Desktop Resolution, etc.,) are not there when using the Packaging API. Let me know if you find something.

Sorry for replying so late to this.   This was a bug in the Packaging API code.  It's been fixed for the RTM build.  Office is looking for the time detail Krishna mentioned in his reply. 

- Kevin

It was based on July CTP build of Vista (5472.5 / 4306), I will try the Code in the RTM build and get back on the result.

-Krishna