As we have seen here: https://msdn.microsoft.com/en-us/library/Aa905326.aspx
it is reasonably easy to sign a document package. However if I do this with my example .docx document, I always receive a "partly signed" document. In comparison, if I sign the document with Word itself.... next time opened, it shows "fully/completely signed" with signature Xxxx Xxxx. This confuses users and maybe it is even just a very unimportant part, that is signed.
What went wrong? I want a completely signed document.
Here is my working example:
using (var wd = WordprocessingDocument.Open(ofd.FileName, true))
{
Package wdPackage = wd.Package;
List<Uri> packageParts2sgn = wdPackage.GetParts().ToList()
.Where(part => !PackUriHelper.IsRelationshipPartUri(part.Uri))
.Select(p => p.Uri)
.ToList();
{
PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(wdPackage);
PackageRelationshipCollection relationships = wdPackage.GetRelationships();
List<PackageRelationshipSelector> relShipSelectors = relationships.Select(
rl =>
new PackageRelationshipSelector(
rl.SourceUri,
PackageRelationshipSelectorType.Id,
rl.Id)).ToList();
X509Store store = new X509Store(StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection collection = store.Certificates.Find(X509FindType.FindBySerialNumber,"600d923c00010014444e",true);
var certificate = collection[0];
dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
dsm.Sign(packageParts2sgn, certificate, relShipSelectors);
}