System.Security.Cryptography.Pkcs
Contains a type and a collection of values associated with that type.
Initializes a new instance of the class using an attribute represented by the specified object.
The attribute to store in this object.
Initializes a new instance of the class using an attribute represented by the specified object and the set of values associated with that attribute represented by the specified collection.
The attribute to store in this object.
The set of values associated with the attribute represented by the parameter.
The collection contains duplicate items.
Gets the object that specifies the object identifier for the attribute.
The object identifier for the attribute.
Gets the collection that contains the set of values that are associated with the attribute.
The set of values that is associated with the attribute.
Contains a set of objects.
Initializes a new instance of the class.
Initializes a new instance of the class, adding a specified to the collection.
A object that is added to the collection.
Adds the specified object to the collection.
The object to add to the collection.
is .
A cryptographic operation could not be completed.
if the method returns the zero-based index of the added item; otherwise, .
Adds the specified object to the collection.
The object to add to the collection.
is .
A cryptographic operation could not be completed.
The specified item already exists in the collection.
if the method returns the zero-based index of the added item; otherwise, .
Copies the collection to an array of objects.
An array of objects that the collection is copied to.
The zero-based index in to which the collection is to be copied.
One of the arguments provided to a method was not valid.
was passed to a method that does not accept it as a valid argument.
The value of an argument was outside the allowable range of values as defined by the called method.
Gets a object for the collection.
if the method returns a object that can be used to enumerate the collection; otherwise, .
Removes the specified object from the collection.
The object to remove from the collection.
is .
Copies the elements of this collection to an array, starting at a particular index.
The one-dimensional array that is the destination of the elements copied from this . The array must have zero-based indexing.
The zero-based index in at which copying begins.
Returns an enumerator that iterates through the collection.
An object that can be used to iterate through the collection.
Gets the number of items in the collection.
The number of items in the collection.
Gets a value that indicates whether access to the collection is synchronized, or thread safe.
if access to the collection is thread safe; otherwise .
Gets the object at the specified index in the collection.
An value that represents the zero-based index of the object to retrieve.
The object at the specified index.
Gets an object used to synchronize access to the collection.
An object used to synchronize access to the collection.
Provides enumeration functionality for the collection. This class cannot be inherited.
Advances the enumeration to the next object in the collection.
if the enumeration successfully moved to the next object; if the enumerator is at the end of the enumeration.
Resets the enumeration to the first object in the collection.
Gets the current object from the collection.
A object that represents the current cryptographic attribute in the collection.
Gets the current object from the collection.
A object that represents the current cryptographic attribute in the collection.
The class defines the algorithm used for a cryptographic operation.
The constructor creates an instance of the class by using a set of default parameters.
A cryptographic operation could not be completed.
The constructor creates an instance of the class with the specified algorithm identifier.
An object identifier for the algorithm.
A cryptographic operation could not be completed.
The constructor creates an instance of the class with the specified algorithm identifier and key length.
An object identifier for the algorithm.
The length, in bits, of the key.
A cryptographic operation could not be completed.
The property sets or retrieves the key length, in bits. This property is not used for algorithms that use a fixed key length.
An int value that represents the key length, in bits.
The property sets or retrieves the object that specifies the object identifier for the algorithm.
An object that represents the algorithm.
The property sets or retrieves any parameters required by the algorithm.
An array of byte values that specifies any parameters required by the algorithm.
The class defines the recipient of a CMS/PKCS #7 message.
Initializes a new instance of the class with a specified certificate and recipient identifier type, using the default encryption mode for the public key algorithm.
The scheme to use for identifying which recipient certificate was used.
The certificate to use when encrypting for this recipient.
The parameter is .
The value is not supported.
Initializes a new instance of the class with a specified RSA certificate, RSA encryption padding, and subject identifier.
The scheme to use for identifying which recipient certificate was used.
The certificate to use when encrypting for this recipient.
The RSA padding mode to use when encrypting for this recipient.
The or parameter is .
The parameter public key is not recognized as an RSA public key.
Initializes a new instance of the class with a specified certificate, using the default encryption mode for the public key algorithm and an subject identifier.
The certificate to use when encrypting for this recipient.
The parameter is .
Initializes a new instance of the class with a specified RSA certificate and RSA encryption padding, using an subject identifier.
The certificate to use when encrypting for this recipient.
The RSA padding mode to use when encrypting for this recipient.
The or parameter is .
The parameter public key is not recognized as an RSA public key.
-or-
The value is not supported.
Gets the certificate to use when encrypting for this recipient.
The certificate to use when encrypting for this recipient.
Gets the scheme to use for identifying which recipient certificate was used.
The scheme to use for identifying which recipient certificate was used.
Gets the RSA encryption padding to use when encrypting for this recipient.
The RSA encryption padding to use when encrypting for this recipient.
The class represents a set of objects. implements the interface.
The constructor creates an instance of the class.
The constructor creates an instance of the class and adds the specified recipient.
An instance of the class that represents the specified CMS/PKCS #7 recipient.
The constructor creates an instance of the class and adds recipients based on the specified subject identifier and set of certificates that identify the recipients.
A member of the enumeration that specifies the type of subject identifier.
An collection that contains the certificates that identify the recipients.
The method adds a recipient to the collection.
A object that represents the recipient to add to the collection.
is .
If the method succeeds, the method returns an value that represents the zero-based position where the recipient is to be inserted.
If the method fails, it throws an exception.
The method copies the collection to an array.
An object to which the collection is to be copied.
The zero-based index in where the collection is copied.
is not large enough to hold the specified elements.
-or-
does not contain the proper number of dimensions.
is .
is outside the range of elements in .
The method copies the collection to a array.
An array of objects where the collection is to be copied.
The zero-based index for the array of objects in to which the collection is copied.
is not large enough to hold the specified elements.
-or-
does not contain the proper number of dimensions.
is .
is outside the range of elements in .
The method returns a object for the collection.
A object that can be used to enumerate the collection.
The method removes a recipient from the collection.
A object that represents the recipient to remove from the collection.
is .
The method returns a object for the collection.
A object that can be used to enumerate the collection.
The property retrieves the number of items in the collection.
An value that represents the number of items in the collection.
The property retrieves whether access to the collection is synchronized, or thread safe. This property always returns , which means that the collection is not thread safe.
A value of , which means that the collection is not thread safe.
The property retrieves the object at the specified index in the collection.
An value that represents the index in the collection. The index is zero based.
The value of an argument was outside the allowable range of values as defined by the called method.
A object at the specified index.
The property retrieves an object used to synchronize access to the collection.
An object that is used to synchronize access to the collection.
The class provides enumeration functionality for the collection. implements the interface.
The method advances the enumeration to the next object in the collection.
if the enumeration successfully moved to the next object; if the enumeration moved past the last item in the enumeration.
The method resets the enumeration to the first object in the collection.
The property retrieves the current object from the collection.
A object that represents the current recipient in the collection.
The property retrieves the current object from the collection.
A object that represents the current recipient in the collection.
Represents a potential signer for a CMS/PKCS#7 signed message.
Initializes a new instance of the class with default values.
Initializes a new instance of the class from a persisted key.
The CSP parameters to describe which signing key to use.
.NET Core and .NET 5+ only: In all cases.
Initializes a new instance of the class with a specified subject identifier type.
The scheme to use for identifying which signing certificate was used.
Initializes a new instance of the class with a specified signer certificate and subject identifier type.
The scheme to use for identifying which signing certificate was used.
The certificate whose private key will be used to sign a message.
Initializes a new instance of the class with a specified signer certificate, subject identifier type, and private key object.
One of the enumeration values that specifies the scheme to use for identifying which signing certificate was used.
The certificate whose private key will be used to sign a message.
The private key object to use when signing the message.
Initializes a new instance of the CmsSigner class with a specified signer certificate, subject identifier type, private key object, and RSA signature padding.
One of the enumeration values that specifies the scheme to use for identifying which signing certificate was used.
The certificate whose private key will be used to sign a message.
The private key object to use when signing the message.
The RSA signature padding to use.
Initializes a new instance of the class with a specified signer certificate.
The certificate whose private key will be used to sign a message.
The property sets or retrieves the object that represents the signing certificate.
An object that represents the signing certificate.
Gets a collection of certificates which are considered with and .
A collection of certificates which are considered with and .
Gets or sets the algorithm identifier for the hash algorithm to use with the signature.
The algorithm identifier for the hash algorithm to use with the signature.
Gets or sets the option indicating how much of the signer certificate's certificate chain should be embedded in the signed message.
One of the arguments provided to a method was not valid.
One of the enumeration values that indicates how much of the signer certificate's certificate chain should be embedded in the signed message.
Gets or sets the private key object to use during signing.
The private key to use during signing, or to use the private key associated with the property.
Gets or sets the RSA signature padding to use.
The RSA signature padding to use.
Gets a collection of attributes to associate with this signature that are also protected by the signature.
A collection of attributes to associate with this signature that are also protected by the signature.
Gets the scheme to use for identifying which signing certificate was used.
One of the arguments provided to a method was not valid.
The scheme to use for identifying which recipient certificate was used.
Gets a collection of attributes to associate with this signature that are not protected by the signature.
A collection of attributes to associate with this signature that are not protected by the signature.
The class represents the CMS/PKCS #7 ContentInfo data structure as defined in the CMS/PKCS #7 standards document. This data structure is the basis for all CMS/PKCS #7 messages.
The constructor creates an instance of the class by using an array of byte values as the data and a default (OID) that represents the content type.
An array of byte values that represents the data from which to create the object.
A null reference was passed to a method that does not accept it as a valid argument.
The constructor creates an instance of the class by using the specified content type and an array of byte values as the data.
An object that contains an object identifier (OID) that specifies the content type of the content. This can be data, digestedData, encryptedData, envelopedData, hashedData, signedAndEnvelopedData, or signedData. For more information, see Remarks.
An array of byte values that represents the data from which to create the object.
A null reference was passed to a method that does not accept it as a valid argument.
Retrieves the outer content type of an encoded CMS ContentInfo message.
An array of byte values that represents the encoded CMS ContentInfo message from which to retrieve the outer content type.
is .
cannot be decoded as a valid CMS ContentInfo value.
The outer content type of the specified encoded CMS ContentInfo message.
Retrieves the outer content type of an encoded CMS ContentInfo message.
A read-only span of byte values that represents the encoded CMS ContentInfo message from which to retrieve the outer content type.
cannot be decoded as a valid CMS ContentInfo value.
The outer content type of the specified encoded CMS ContentInfo message.
The property retrieves the content of the CMS/PKCS #7 message.
An array of byte values that represents the content data.
The property retrieves the object that contains the (OID) of the content type of the inner content of the CMS/PKCS #7 message.
An object that contains the OID value that represents the content type.
Represents a CMS/PKCS#7 structure for enveloped data.
Initializes a new instance of the class with default values.
Initializes a new instance of the class with specified content information.
The message content to encrypt.
The parameter is .
Initializes a new instance of the class with a specified symmetric encryption algorithm and content information.
The message content to encrypt.
The identifier for the symmetric encryption algorithm to use when encrypting the message content.
The or parameter is .
Decodes an array of bytes as a CMS/PKCS#7 EnvelopedData message.
The byte array containing the sequence of bytes to decode.
The parameter is .
The parameter was not successfully decoded.
Decodes the provided data as a CMS/PKCS#7 EnvelopedData message.
The data to decode.
The parameter was not successfully decoded.
Decrypts the contents of the decoded enveloped CMS/PKCS#7 message via any available recipient by searching certificate stores for a matching certificate and key.
A cryptographic operation could not be completed.
A method call was invalid for the object's current state.
Decrypts the contents of the decoded enveloped CMS/PKCS#7 message via a specified recipient info by searching certificate stores for a matching certificate and key.
The recipient info to use for decryption.
The parameter is .
A cryptographic operation could not be completed.
A method call was invalid for the object's current state.
Decrypts the contents of the decoded enveloped CMS/PKCS#7 message via a specified recipient info with a specified private key.
The recipient info to use for decryption.
The private key to use to decrypt the recipient-specific information.
The or parameter is .
A cryptographic operation could not be completed.
A method call was invalid for the object's current state.
Decrypts the contents of the decoded enveloped CMS/PKCS#7 message via a specified recipient info by searching certificate stores and a provided collection for a matching certificate and key.
The recipient info to use for decryption.
A collection of certificates to use in addition to the certificate stores for finding a recipient certificate and private key.
The or parameter is .
A cryptographic operation could not be completed.
A method call was invalid for the object's current state.
Decrypts the contents of the decoded enveloped CMS/PKCS#7 message via any available recipient info by searching certificate stores and a provided collection for a matching certificate and key.
A collection of certificates to use in addition to the certificate stores for finding a recipient certificate and private key.
The parameter was .
A cryptographic operation could not be completed.
A method call was invalid for the object's current state.
Encodes the contents of the enveloped CMS/PKCS#7 message and returns it as a byte array.
A method call was invalid for the object's current state.
A byte array representing the encoded form of the CMS/PKCS#7 message.
Encrypts the contents of the CMS/PKCS#7 message for a single specified recipient.
The recipient information describing the single recipient of this message.
The parameter is .
A cryptographic operation could not be completed.
Encrypts the contents of the CMS/PKCS#7 message for one or more recipients.
A collection describing the recipients for the message.
The parameter is .
A cryptographic operation could not be completed.
Gets the collection of certificates associated with the enveloped CMS/PKCS#7 message.
The collection of certificates associated with the enveloped CMS/PKCS#7 message.
Gets the identifier of the symmetric encryption algorithm associated with this message.
The identifier of the symmetric encryption algorithm associated with this message.
Gets the content information for the enveloped CMS/PKCS#7 message.
The content information for the enveloped CMS/PKCS#7 message.
Gets a collection that represents the recipients list for a decoded message. The default value is an empty collection.
A collection that represents the recipients list for a decoded message. The default value is an empty collection.
Gets the collection of unprotected (unencrypted) attributes associated with the enveloped CMS/PKCS#7 message.
The collection of unprotected (unencrypted) attributes associated with the enveloped CMS/PKCS#7 message.
Gets the version of the decoded enveloped CMS/PKCS#7 message.
The version of the decoded enveloped CMS/PKCS#7 message.
The class defines key agreement recipient information. Key agreement algorithms typically use the Diffie-Hellman key agreement algorithm, in which the two parties that establish a shared cryptographic key both take part in its generation and, by definition, agree on that key. This is in contrast to key transport algorithms, in which one party generates the key unilaterally and sends, or transports, it to the other party.
The property retrieves the date and time of the start of the key agreement protocol by the originator.
The recipient identifier type is not a subject key identifier.
The date and time of the start of the key agreement protocol by the originator.
The property retrieves the encrypted recipient keying material.
An array of byte values that contain the encrypted recipient keying material.
The property retrieves the algorithm used to perform the key agreement.
The value of the algorithm used to perform the key agreement.
The property retrieves information about the originator of the key agreement for key agreement algorithms that warrant it.
An object that contains information about the originator of the key agreement.
The property retrieves attributes of the keying material.
The recipient identifier type is not a subject key identifier.
The attributes of the keying material.
The property retrieves the identifier of the recipient.
The identifier of the recipient.
The property retrieves the version of the key agreement recipient. This is automatically set for objects in this class, and the value implies that the recipient is taking part in a key agreement algorithm.
The version of the object.
The class defines key transport recipient information. Key transport algorithms typically use the RSA algorithm, in which an originator establishes a shared cryptographic key with a recipient by generating that key and then transporting it to the recipient. This is in contrast to key agreement algorithms, in which the two parties that will be using a cryptographic key both take part in its generation, thereby mutually agreeing to that key.
The property retrieves the encrypted key for this key transport recipient.
An array of byte values that represents the encrypted key.
The property retrieves the key encryption algorithm used to encrypt the content encryption key.
An object that stores the key encryption algorithm identifier.
The property retrieves the subject identifier associated with the encrypted content.
A object that stores the identifier of the recipient taking part in the key transport.
The property retrieves the version of the key transport recipient. The version of the key transport recipient is automatically set for objects in this class, and the value implies that the recipient is taking part in a key transport algorithm.
An int value that represents the version of the key transport object.
Enables the creation of PKCS#12 PFX data values. This class cannot be inherited.
Initializes a new value of the class.
Add contents to the PFX in a bundle encrypted with a byte-based password from a byte array.
The contents to add to the PFX.
The byte array to use as a password when encrypting the contents.
The password-based encryption (PBE) parameters to use when encrypting the contents.
The or parameter is .
The parameter value is already encrypted.
The PFX is already sealed ( is ).
indicates that should be used, which requires -based passwords.
Add contents to the PFX in a bundle encrypted with a byte-based password from a span.
The contents to add to the PFX.
The byte span to use as a password when encrypting the contents.
The password-based encryption (PBE) parameters to use when encrypting the contents.
The or parameter is .
The parameter value is already encrypted.
The PFX is already sealed ( is ).
indicates that should be used, which requires -based passwords.
Add contents to the PFX in a bundle encrypted with a char-based password from a span.
The contents to add to the PFX.
The span to use as a password when encrypting the contents.
The password-based encryption (PBE) parameters to use when encrypting the contents.
The or parameter is .
The parameter value is already encrypted.
The PFX is already sealed ( is ).
Add contents to the PFX in a bundle encrypted with a char-based password from a string.
The contents to add to the PFX.
The string to use as a password when encrypting the contents.
The password-based encryption (PBE) parameters to use when encrypting the contents.
The or parameter is .
The parameter value is already encrypted.
The PFX is already sealed ( is ).
Add contents to the PFX without encrypting them.
The contents to add to the PFX.
The parameter is .
The PFX is already sealed ( is ).
Encodes the contents of a sealed PFX and returns it as a byte array.
The PFX is not sealed ( is ).
A byte array representing the encoded form of the PFX.
Seals the PFX against further changes by applying a password-based Message Authentication Code (MAC) over the contents with a password from a span.
The password to use as a key for computing the MAC.
The hash algorithm to use when computing the MAC.
The iteration count for the Key Derivation Function (KDF) used in computing the MAC.
The parameter is less than or equal to 0.
The PFX is already sealed ( is ).
Seals the PFX against further changes by applying a password-based Message Authentication Code (MAC) over the contents with a password from a string.
The password to use as a key for computing the MAC.
The hash algorithm to use when computing the MAC.
The iteration count for the Key Derivation Function (KDF) used in computing the MAC.
The parameter is less than or equal to 0.
The PFX is already sealed ( is ).
Seals the PFX from further changes without applying tamper-protection.
The PFX is already sealed ( is ).
Attempts to encode the contents of a sealed PFX into a provided buffer.
The byte span to receive the PKCS#12 PFX data.
When this method returns, contains a value that indicates the number of bytes written to . This parameter is treated as uninitialized.
The PFX is not sealed ( is ).
if is big enough to receive the output; otherwise, .
Gets a value that indicates whether the PFX data has been sealed.
A value that indicates whether the PFX data has been sealed.
Represents the PKCS#12 CertBag. This class cannot be inherited.
Initializes a new instance of the class using the specified certificate type and encoding.
The Object Identifier (OID) for the certificate type.
The encoded certificate value.
The parameter is .
The parameter does not represent a single ASN.1 BER-encoded value.
Gets the contents of the CertBag interpreted as an X.509 public key certificate.
The content type is not the X.509 public key certificate content type.
The contents were not valid for the X.509 certificate content type.
A certificate decoded from the contents of the CertBag.
Gets the Object Identifier (OID) which identifies the content type of the encoded certificate value.
The Object Identifier (OID) which identifies the content type of the encoded certificate value.
Gets the uninterpreted certificate contents of the CertSafeBag.
The uninterpreted certificate contents of the CertSafeBag.
Gets a value indicating whether the content type of the encoded certificate value is the X.509 public key certificate content type.
if the content type is the X.509 public key certificate content type (1.2.840.113549.1.9.22.1); otherwise, .
Represents the kind of encryption associated with a PKCS#12 SafeContents value.
The SafeContents value is not encrypted.
The SafeContents value is encrypted with a password.
The SafeContents value is encrypted using public key cryptography.
The kind of encryption applied to the SafeContents is unknown or could not be determined.
Represents the data from PKCS#12 PFX contents. This class cannot be inherited.
Reads the provided data as a PKCS#12 PFX and returns an object view of the contents.
The data to interpret as a PKCS#12 PFX.
When this method returns, contains a value that indicates the number of bytes from which were read by this method. This parameter is treated as uninitialized.
to store without making a defensive copy; otherwise, . The default is .
The contents of the parameter were not successfully decoded as a PKCS#12 PFX.
An object view of the PKCS#12 PFX decoded from the input.
Attempts to verify the integrity of the contents with a password represented by a ReadOnlySpan<char>.
The password to use to attempt to verify integrity.
The value is not .
The hash algorithm option specified by the PKCS#12 PFX contents could not be identified or is not supported by this platform.
if the password successfully verifies the integrity of the contents; if the password is not correct or the contents have been altered.
Attempts to verify the integrity of the contents with a password represented by a .
The password to use to attempt to verify integrity.
The value is not .
The hash algorithm option specified by the PKCS#12 PFX contents could not be identified or is not supported by this platform.
if the password successfully verifies the integrity of the contents; if the password is not correct or the contents have been altered.
Gets a read-only collection of the SafeContents values present in the PFX AuthenticatedSafe.
A read-only collection of the SafeContents values present in the PFX AuthenticatedSafe.
Gets a value that indicates the type of tamper protection provided for the contents.
One of the enumeration members that indicates the type of tamper protection provided for the contents.
Represents the type of anti-tampering applied to a PKCS#12 PFX value.
The PKCS#12 PFX value is not protected from tampering.
The PKCS#12 PFX value is protected from tampering with a Message Authentication Code (MAC) keyed with a password.
The PKCS#12 PFX value is protected from tampering with a digital signature using public key cryptography.
The type of anti-tampering applied to the PKCS#12 PFX is unknown or could not be determined.
Represents the KeyBag from PKCS#12, a container whose contents are a PKCS#8 PrivateKeyInfo. This class cannot be inherited.
Initializes a new instance of the from an existing encoded PKCS#8 PrivateKeyInfo value.
A BER-encoded PKCS#8 PrivateKeyInfo value.
to store without making a defensive copy; otherwise, . The default is .
The parameter does not represent a single ASN.1 BER-encoded value.
Gets a memory value containing the PKCS#8 PrivateKeyInfo value transported by this bag.
A memory value containing the PKCS#8 PrivateKeyInfo value transported by this bag.
Defines the core behavior of a SafeBag value from the PKCS#12 specification and provides a base for derived classes.
Called from constructors in derived classes to initialize the class.
The Object Identifier (OID), in dotted decimal form, indicating the data type of this SafeBag.
The ASN.1 BER encoded value of the SafeBag contents.
to store without making a defensive copy; otherwise, . The default is .
The parameter is or the empty string.
The parameter does not represent a single ASN.1 BER-encoded value.
Encodes the SafeBag value and returns it as a byte array.
The object identifier value passed to the constructor was invalid.
A byte array representing the encoded form of the SafeBag.
Gets the Object Identifier (OID) identifying the content type of this SafeBag.
The Object Identifier (OID) identifying the content type of this SafeBag.
Attempts to encode the SafeBag value into a provided buffer.
The byte span to receive the encoded SafeBag value.
When this method returns, contains a value that indicates the number of bytes written to . This parameter is treated as uninitialized.
The object identifier value passed to the constructor was invalid.
if is big enough to receive the output; otherwise, .
Gets the modifiable collection of attributes to encode with the SafeBag value.
The modifiable collection of attributes to encode with the SafeBag value.
Gets the ASN.1 BER encoding of the contents of this SafeBag.
The ASN.1 BER encoding of the contents of this SafeBag.
Represents a PKCS#12 SafeContents value. This class cannot be inherited.
Initializes a new instance of the class.
Adds a certificate to the SafeContents via a new and returns the newly created bag instance.
The certificate to add.
The parameter is .
This instance is read-only.
The parameter is in an invalid state.
The bag instance which was added to the SafeContents.
Adds an asymmetric private key to the SafeContents via a new and returns the newly created bag instance.
The asymmetric private key to add.
The parameter is .
This instance is read-only.
The key export failed.
The bag instance which was added to the SafeContents.
Adds a nested SafeContents to the SafeContents via a new and returns the newly created bag instance.
The nested contents to add to the SafeContents.
The parameter is .
The parameter is encrypted.
This instance is read-only.
The bag instance which was added to the SafeContents.
Adds a SafeBag to the SafeContents.
The SafeBag value to add.
The parameter is .
This instance is read-only.
Adds an ASN.1 BER-encoded value with a specified type identifier to the SafeContents via a new and returns the newly created bag instance.
The Object Identifier (OID) which identifies the data type of the secret value.
The BER-encoded value representing the secret to add.
The parameter is .
This instance is read-only.
The parameter does not represent a single ASN.1 BER-encoded value.
The bag instance which was added to the SafeContents.
Adds an encrypted asymmetric private key to the SafeContents via a new from a byte-based password in an array and returns the newly created bag instance.
The asymmetric private key to add.
The bytes to use as a password when encrypting the key material.
The password-based encryption (PBE) parameters to use when encrypting the key material.
The parameter is .
This instance is read-only.
The key export failed.
The bag instance which was added to the SafeContents.
Adds an encrypted asymmetric private key to the SafeContents via a new from a byte-based password in a span and returns the newly created bag instance.
The asymmetric private key to add.
The bytes to use as a password when encrypting the key material.
The password-based encryption (PBE) parameters to use when encrypting the key material.
The parameter is .
This instance is read-only.
The key export failed.
The bag instance which was added to the SafeContents.
Adds an encrypted asymmetric private key to the SafeContents via a new from a character-based password in a span and returns the newly created bag instance.
The asymmetric private key to add.
The password to use when encrypting the key material.
The password-based encryption (PBE) parameters to use when encrypting the key material.
The parameter is .
This instance is read-only.
The key export failed.
The bag instance which was added to the SafeContents.
Adds an encrypted asymmetric private key to the SafeContents via a new from a character-based password in a string and returns the newly created bag instance.
The asymmetric private key to add.
The password to use when encrypting the key material.
The password-based encryption (PBE) parameters to use when encrypting the key material.
The parameter is .
This instance is read-only.
The key export failed.
The bag instance which was added to the SafeContents.
Decrypts the contents of this SafeContents value using a byte-based password from an array.
The bytes to use as a password for decrypting the encrypted contents.
The property is not .
The password is incorrect.
-or-
The contents were not successfully decrypted.
Decrypts the contents of this SafeContents value using a byte-based password from a span.
The bytes to use as a password for decrypting the encrypted contents.
The property is not .
The password is incorrect.
-or-
The contents were not successfully decrypted.
Decrypts the contents of this SafeContents value using a character-based password from a span.
The password to use for decrypting the encrypted contents.
The property is not .
The password is incorrect.
-or-
The contents were not successfully decrypted.
Decrypts the contents of this SafeContents value using a character-based password from a string.
The password to use for decrypting the encrypted contents.
The property is not .
The password is incorrect.
-or-
The contents were not successfully decrypted.
Gets an enumerable representation of the SafeBag values contained within the SafeContents.
The contents are encrypted.
An enumerable representation of the SafeBag values contained within the SafeContents.
Gets a value that indicates the type of encryption applied to the contents.
One of the enumeration values that indicates the type of encryption applied to the contents. The default value is .
Gets a value that indicates whether this instance is in a read-only state.
if this value is in a read-only state; otherwise, . The default value is .
Represents the SafeContentsBag from PKCS#12, a container whose contents are a PKCS#12 SafeContents value. This class cannot be inherited.
Gets the SafeContents value contained within this bag.
The SafeContents value contained within this bag.
Represents the SecretBag from PKCS#12, a container whose contents are arbitrary data with a type identifier. This class cannot be inherited.
Gets the Object Identifier (OID) which identifies the data type of the secret value.
The Object Identifier (OID) which identifies the data type of the secret value.
Gets a memory value containing the BER-encoded contents of the bag.
A memory value containing the BER-encoded contents of the bag.
Represents the ShroudedKeyBag from PKCS#12, a container whose contents are a PKCS#8 EncryptedPrivateKeyInfo. This class cannot be inherited.
Initializes a new instance of the from an existing encoded PKCS#8 EncryptedPrivateKeyInfo value.
A BER-encoded PKCS#8 EncryptedPrivateKeyInfo value.
to store without making a defensive copy; otherwise, . The default is .
The parameter does not represent a single ASN.1 BER-encoded value.
Gets a memory value containing the PKCS#8 EncryptedPrivateKeyInfo value transported by this bag.
A memory value containing the PKCS#8 EncryptedPrivateKeyInfo value transported by this bag.
Enables the inspection of and creation of PKCS#8 PrivateKeyInfo and EncryptedPrivateKeyInfo values. This class cannot be inherited.
Initializes a new instance of the class.
The Object Identifier (OID) identifying the asymmetric algorithm this key is for.
The BER-encoded algorithm parameters associated with this key, or to omit algorithm parameters when encoding.
The algorithm-specific encoded private key.
to store and without making a defensive copy; otherwise, . The default is .
The parameter is .
The parameter is not , empty, or a single BER-encoded value.
Exports a specified key as a PKCS#8 PrivateKeyInfo and returns its decoded interpretation.
The private key to represent in a PKCS#8 PrivateKeyInfo.
The parameter is .
The decoded interpretation of the exported PKCS#8 PrivateKeyInfo.
Reads the provided data as a PKCS#8 PrivateKeyInfo and returns an object view of the contents.
The data to interpret as a PKCS#8 PrivateKeyInfo value.
When this method returns, contains a value that indicates the number of bytes read from . This parameter is treated as uninitialized.
to store without making a defensive copy; otherwise, . The default is .
The contents of the parameter were not successfully decoded as a PKCS#8 PrivateKeyInfo.
An object view of the contents decoded as a PKCS#8 PrivateKeyInfo.
Decrypts the provided data using the provided byte-based password and decodes the output into an object view of the PKCS#8 PrivateKeyInfo.
The bytes to use as a password when decrypting the key material.
The data to read as a PKCS#8 EncryptedPrivateKeyInfo structure in the ASN.1-BER encoding.
When this method returns, contains a value that indicates the number of bytes read from . This parameter is treated as uninitialized.
The password is incorrect.
-or-
The contents of indicate the Key Derivation Function (KDF) to apply is the legacy PKCS#12 KDF, which requires -based passwords.
-or-
The contents of do not represent an ASN.1-BER-encoded PKCS#8 EncryptedPrivateKeyInfo structure.
An object view of the contents decrypted and decoded as a PKCS#8 PrivateKeyInfo.
Decrypts the provided data using the provided character-based password and decodes the output into an object view of the PKCS#8 PrivateKeyInfo.
The password to use when decrypting the key material.
The bytes of a PKCS#8 EncryptedPrivateKeyInfo structure in the ASN.1-BER encoding.
When this method returns, contains a value that indicates the number of bytes read from . This parameter is treated as uninitialized.
An object view of the contents decrypted and decoded as a PKCS#8 PrivateKeyInfo.
Encodes the property data of this instance as a PKCS#8 PrivateKeyInfo and returns the encoding as a byte array.
A byte array representing the encoded form of the PKCS#8 PrivateKeyInfo.
Produces a PKCS#8 EncryptedPrivateKeyInfo from the property contents of this object after encrypting with the specified byte-based password and encryption parameters.
The bytes to use as a password when encrypting the key material.
The password-based encryption (PBE) parameters to use when encrypting the key material.
indicates that should be used, which requires -based passwords.
A byte array containing the encoded form of the PKCS#8 EncryptedPrivateKeyInfo.
Produces a PKCS#8 EncryptedPrivateKeyInfo from the property contents of this object after encrypting with the specified character-based password and encryption parameters.
The password to use when encrypting the key material.
The password-based encryption (PBE) parameters to use when encrypting the key material.
A byte array containing the encoded form of the PKCS#8 EncryptedPrivateKeyInfo.
Attempts to encode the property data of this instance as a PKCS#8 PrivateKeyInfo, writing the results into a provided buffer.
The byte span to receive the PKCS#8 PrivateKeyInfo data.
When this method returns, contains a value that indicates the number of bytes written to . This parameter is treated as uninitialized.
if is big enough to receive the output; otherwise, .
Attempts to produce a PKCS#8 EncryptedPrivateKeyInfo from the property contents of this object after encrypting with the specified byte-based password and encryption parameters, writing the results into a provided buffer.
The bytes to use as a password when encrypting the key material.
The password-based encryption (PBE) parameters to use when encrypting the key material.
The byte span to receive the PKCS#8 EncryptedPrivateKeyInfo data.
When this method returns, contains a value that indicates the number of bytes written to . This parameter is treated as uninitialized.
if is big enough to receive the output; otherwise, .
Attempts to produce a PKCS#8 EncryptedPrivateKeyInfo from the property contents of this object after encrypting with the specified character-based password and encryption parameters, writing the result into a provided buffer.
The password to use when encrypting the key material.
The password-based encryption (PBE) parameters to use when encrypting the key material.
The byte span to receive the PKCS#8 EncryptedPrivateKeyInfo data.
When this method returns, contains a value that indicates the number of bytes written to . This parameter is treated as uninitialized.
if is big enough to receive the output; otherwise, .
Gets the Object Identifier (OID) value identifying the algorithm this key is for.
The Object Identifier (OID) value identifying the algorithm this key is for.
Gets a memory value containing the BER-encoded algorithm parameters associated with this key.
A memory value containing the BER-encoded algorithm parameters associated with this key, or if no parameters were present.
Gets the modifiable collection of attributes for this private key.
The modifiable collection of attributes to encode with the private key.
Gets a memory value that represents the algorithm-specific encoded private key.
A memory value that represents the algorithm-specific encoded private key.
Represents an attribute used for CMS/PKCS #7 and PKCS #9 operations.
Initializes a new instance of the class.
Initializes a new instance of the class using a specified object as its attribute type and value.
An object that contains the PKCS #9 attribute type and value to use.
The length of the member of the member of is zero.
The member of is .
-or-
The member of the member of is .
Initializes a new instance of the class using a specified object as the attribute type and a specified ASN.1 encoded data as the attribute value.
An object that represents the PKCS #9 attribute type.
An array of byte values that represents the PKCS #9 attribute value.
Initializes a new instance of the class using a specified string representation of an object identifier (OID) as the attribute type and a specified ASN.1 encoded data as the attribute value.
The string representation of an OID that represents the PKCS #9 attribute type.
An array of byte values that contains the PKCS #9 attribute value.
Copies a PKCS #9 attribute type and value for this from the specified object.
An object that contains the PKCS #9 attribute type and value to use.
does not represent a compatible attribute type.
is .
Gets an object that represents the type of attribute associated with this object.
An object that represents the type of attribute associated with this object.
The class defines the type of the content of a CMS/PKCS #7 message.
The constructor creates an instance of the class.
Copies information from an object.
The object from which to copy information.
The property gets an object that contains the content type.
An object that contains the content type.
The class defines the description of the content of a CMS/PKCS #7 message.
The constructor creates an instance of the class.
The constructor creates an instance of the class by using the specified array of byte values as the encoded description of the content of a CMS/PKCS #7 message.
An array of byte values that specifies the encoded description of the CMS/PKCS #7 message.
The constructor creates an instance of the class by using the specified description of the content of a CMS/PKCS #7 message.
An instance of the class that specifies the description for the CMS/PKCS #7 message.
Copies information from an object.
The object from which to copy information.
The property retrieves the document description.
A object that contains the document description.
The class defines the name of a CMS/PKCS #7 message.
The constructor creates an instance of the class.
The constructor creates an instance of the class by using the specified array of byte values as the encoded name of the content of a CMS/PKCS #7 message.
An array of byte values that specifies the encoded name of the CMS/PKCS #7 message.
The constructor creates an instance of the class by using the specified name for the CMS/PKCS #7 message.
A object that specifies the name for the CMS/PKCS #7 message.
Copies information from an object.
The object from which to copy information.
The property retrieves the document name.
A object that contains the document name.
Represents the LocalKeyId attribute from PKCS#9.
Initializes a new instance of the class with an empty key identifier value.
Initializes a new instance of the class with a key identifier specified by a byte array.
A byte array containing the key identifier.
Initializes a new instance of the class with a key identifier specified by a byte span.
A byte array containing the key identifier.
Copies information from a object.
The object from which to copy information.
Gets a memory value containing the key identifier from this attribute.
A memory value containing the key identifier from this attribute.
The class defines the message digest of a CMS/PKCS #7 message.
The constructor creates an instance of the class.
Copies information from an object.
The object from which to copy information.
The property retrieves the message digest.
An array of byte values that contains the message digest.
Defines the signing date and time of a signature. A object can be used as an authenticated attribute of a object when an authenticated date and time are to accompany a digital signature.
The constructor creates an instance of the class.
The constructor creates an instance of the class by using the specified array of byte values as the encoded signing date and time of the content of a CMS/PKCS #7 message.
An array of byte values that specifies the encoded signing date and time of the CMS/PKCS #7 message.
The constructor creates an instance of the class by using the specified signing date and time.
A structure that represents the signing date and time of the signature.
Copies information from a object.
The object from which to copy information.
The property retrieves a structure that represents the date and time that the message was signed.
A structure that contains the date and time the document was signed.
The class represents information associated with a public key.
The property retrieves the algorithm identifier associated with the public key.
An object that represents the algorithm.
The property retrieves the value of the encoded public component of the public key pair.
An array of byte values that represents the encoded public component of the public key pair.
The class represents information about a CMS/PKCS #7 message recipient. The class is an abstract class inherited by the and classes.
The abstract property retrieves the encrypted recipient keying material.
An array of byte values that contains the encrypted recipient keying material.
The abstract property retrieves the algorithm used to perform the key establishment.
An object that contains the value of the algorithm used to establish the key between the originator and recipient of the CMS/PKCS #7 message.
The abstract property retrieves the identifier of the recipient.
A object that contains the identifier of the recipient.
The property retrieves the type of the recipient. The type of the recipient determines which of two major protocols is used to establish a key between the originator and the recipient of a CMS/PKCS #7 message.
A value of the enumeration that defines the type of the recipient.
The abstract property retrieves the version of the recipient information. Derived classes automatically set this property for their objects, and the value indicates whether it is using PKCS #7 or Cryptographic Message Syntax (CMS) to protect messages. The version also implies whether the object establishes a cryptographic key by a key agreement algorithm or a key transport algorithm.
An value that represents the version of the object.
The class represents a collection of objects. implements the interface.
The method copies the collection to an array.
An object to which the collection is to be copied.
The zero-based index in where the collection is copied.
One of the arguments provided to a method was not valid.
A null reference was passed to a method that does not accept it as a valid argument.
The value of an argument was outside the allowable range of values as defined by the called method.
The method copies the collection to a array.
An array of objects where the collection is to be copied.
The zero-based index in where the collection is copied.
One of the arguments provided to a method was not valid.
A null reference was passed to a method that does not accept it as a valid argument.
The value of an argument was outside the allowable range of values as defined by the called method.
The method returns a object for the collection.
A object that can be used to enumerate the collection.
The method returns a object for the collection.
A object that can be used to enumerate the collection.
The property retrieves the number of items in the collection.
An int value that represents the number of items in the collection.
The property retrieves whether access to the collection is synchronized, or thread safe. This property always returns , which means the collection is not thread safe.
A value of , which means the collection is not thread safe.
The property retrieves the object at the specified index in the collection.
An int value that represents the index in the collection. The index is zero based.
The value of an argument was outside the allowable range of values as defined by the called method.
A object at the specified index.
The property retrieves an object used to synchronize access to the collection.
An object used to synchronize access to the collection.
The class provides enumeration functionality for the collection. implements the interface.
The method advances the enumeration to the next object in the collection.
This method returns a bool that specifies whether the enumeration successfully advanced. If the enumeration successfully moved to the next object, the method returns . If the enumeration moved past the last item in the enumeration, it returns .
The method resets the enumeration to the first object in the collection.
The property retrieves the current object from the collection.
A object that represents the current recipient information structure in the collection.
The property retrieves the current object from the collection.
A object that represents the current recipient information structure in the collection.
The enumeration defines the types of recipient information.
Key agreement recipient information.
Key transport recipient information.
The recipient information type is unknown.
Represents a time-stamping request from IETF RFC 3161.
Creates a timestamp request by hashing the provided data with a specified algorithm.
The data to timestamp, which will be hashed by this method.
The hash algorithm to use with this timestamp request.
The Object Identifier (OID) for a timestamp policy the Timestamp Authority (TSA) should use, or to express no preference.
An optional nonce (number used once) to uniquely identify this request to pair it with the response. The value is interpreted as an unsigned big-endian integer and may be normalized to the encoding format.
to indicate the Timestamp Authority (TSA) must include the signing certificate in the issued timestamp token; otherwise, .
An optional collection of extensions to include in the request.
. is or .
is not a known hash algorithm.
An representing the chosen values.
Creates a timestamp request using a pre-computed hash value and the name of the hash algorithm.
The pre-computed hash value to be timestamped.
The hash algorithm used to produce .
The Object Identifier (OID) for the timestamp policy that the Timestamp Authority (TSA) should use, or to express no preference.
An optional value used to uniquely match a request to a response, or to not include a nonce in the request.
to indicate the Timestamp Authority (TSA) must include the signing certificate in the issued timestamp token; otherwise, .
An optional collection of extensions to include in the request.
is not a known hash algorithm.
An representing the chosen values.
Creates a timestamp request using a pre-computed hash value and the Object Identifier for the hash algorithm.
The pre-computed hash value to be timestamped.
The Object Identifier (OID) for the hash algorithm that produced .
The Object Identifier (OID) for a timestamp policy the Timestamp Authority (TSA) should use, or to express no preference.
An optional nonce (number used once) to uniquely identify this request to pair it with the response. The value is interpreted as an unsigned big-endian integer and may be normalized to the encoding format.
to indicate the Timestamp Authority (TSA) must include the signing certificate in the issued timestamp token; otherwise, .
An optional collection of extensions to include in the request.
is .
. is not a valid OID.
An representing the chosen values.
Creates a timestamp request by hashing the signature of the provided signer with a specified algorithm.
The CMS signer information to build a timestamp request for.
The hash algorithm to use with this timestamp request.
The Object Identifier (OID) for the timestamp policy that the Timestamp Authority (TSA) should use, or to express no preference.
An optional nonce (number used once) to uniquely identify this request to pair it with the response. The value is interpreted as an unsigned big-endian integer and may be normalized to the encoding format.
to indicate the Timestamp Authority (TSA) must include the signing certificate in the issued timestamp token; otherwise, .
An optional collection of extensions to include in the request.
is .
. is or .
is not a known hash algorithm.
An representing the chosen values.
Encodes the timestamp request and returns it as a byte array.
A byte array containing the DER-encoded timestamp request.
Gets a collection with a copy of the extensions present on this request.
A collection with a copy of the extensions present on this request.
Gets the data hash for this timestamp request.
The data hash for this timestamp request as a read-only memory value.
Gets the nonce for this timestamp request.
The nonce for this timestamp request as a read-only memory value, if one was present; otherwise, .
Combines an encoded timestamp response with this request to produce a .
The DER encoded timestamp response.
When this method returns, the number of bytes that were read from . This parameter is treated as uninitialized.
The timestamp token from the response that corresponds to this request.
Attempts to interpret the contents of as a DER-encoded Timestamp Request.
The buffer containing a DER-encoded timestamp request.
When this method returns, the successfully decoded timestamp request if decoding succeeded, or if decoding failed. This parameter is treated as uninitialized.
When this method returns, the number of bytes that were read from . This parameter is treated as uninitialized.
if was successfully interpreted as a Timestamp Request; otherwise, .
Attempts to encode the instance as an IETF RFC 3161 TimeStampReq, writing the bytes into the provided buffer.
The buffer to receive the encoded request.
When this method returns, the total number of bytes written into . This parameter is treated as uninitialized.
if is long enough to receive the encoded request; otherwise, .
Indicates whether or not the request has extensions.
if the request has any extensions; otherwise, .
Gets the Object Identifier (OID) for the hash algorithm associated with the request.
The Object Identifier (OID) for the hash algorithm associated with the request.
Gets the policy ID for the request, or when no policy ID was requested.
The policy ID for the request, or when no policy ID was requested.
Gets a value indicating whether or not the request indicated that the timestamp authority certificate is required to be in the response.
if the response must include the timestamp authority certificate; otherwise, .
Gets the data format version number for this request.
The data format version number for this request.
Represents a time-stamp token from IETF RFC 3161.
Gets a Signed Cryptographic Message Syntax (CMS) representation of the RFC3161 time-stamp token.
The representation of the .
Attempts to interpret the contents of as a DER-encoded time-stamp token.
The buffer containing a DER-encoded time-stamp token.
When this method returns, the successfully decoded time-stamp token if decoding succeeded, or if decoding failed. This parameter is treated as uninitialized.
When this method returns, the number of bytes that were read from . This parameter is treated as uninitialized.
if was successfully interpreted as a time-stamp token; otherwise, .
Verifies that the current token is a valid time-stamp token for the provided data.
The data to verify against this time-stamp token.
When this method returns, the certificate from the Timestamp Authority (TSA) which signed this token, or if a signer certificate cannot be determined. This parameter is treated as uninitialized.
An optional collection of certificates to consider as the Timestamp Authority (TSA) certificates, in addition to any certificates that may be included within the token.
if the Timestamp Authority (TSA) certificate was found, the certificate public key validates the token signature, and the token matches the hash for the provided data; otherwise, .
Verifies that the current token is a valid time-stamp token for the provided data hash and algorithm identifier.
The cryptographic hash to verify against this time-stamp token.
The algorithm which produced .
When this method returns, the certificate from the Timestamp Authority (TSA) which signed this token, or if a signer certificate cannot be determined. This parameter is treated as uninitialized.
An optional collection of certificates to consider as the Timestamp Authority (TSA) certificates, in addition to any certificates that may be included within the token.
if the Timestamp Authority (TSA) certificate was found, the certificate public key validates the token signature, and the token matches the hash for the provided data hash and algorithm; otherwise, .
Verifies that the current token is a valid time-stamp token for the provided data hash and algorithm identifier.
The cryptographic hash to verify against this time-stamp token.
The OID of the hash algorithm.
When this method returns, the certificate from the Timestamp Authority (TSA) which signed this token, or if a signer certificate cannot be determined. This parameter is treated as uninitialized.
An optional collection of certificates to consider as the Timestamp Authority (TSA) certificates, in addition to any certificates that may be included within the token.
if the Timestamp Authority (TSA) certificate was found, the certificate public key validates the token signature, and the token matches the hash for the provided data hash and algorithm; otherwise, .
Verifies that the current token is a valid time-stamp token for the provided .
The CMS signer information to verify the timestamp was built for.
When this method returns, the certificate from the Timestamp Authority (TSA) that signed this token, or if a signer certificate cannot be determined. This parameter is treated as uninitialized.
An optional collection of certificates to consider as the Timestamp Authority (TSA) certificates, in addition to any certificates that may be included within the token.
is .
if the Timestamp Authority (TSA) certificate was found, the certificate public key validates the token signature, and the token matches the signature for ; otherwise, .
Gets the details of this time-stamp token as a .
The details of this time-stamp token as a .
Represents the timestamp token information class defined in RFC3161 as TSTInfo.
Initializes a new instance of the class with the specified parameters.
An OID representing the TSA's policy under which the response was produced.
A hash algorithm OID of the data to be timestamped.
A hash value of the data to be timestamped.
An integer assigned by the TSA to the .
The timestamp encoded in the token.
The accuracy with which is compared. Also see .
to ensure that every timestamp token from the same TSA can always be ordered based on the , regardless of the accuracy; to make indicate when the token has been created by the TSA.
The nonce associated with this timestamp token. Using a nonce always allows replays to be detected, and hence its use is recommended.
The hint in the TSA name identification. The actual identification of the entity that signed the response will always occur through the use of the certificate identifier.
The extension values associated with the timestamp.
The ASN.1 data is corrupted.
Encodes this object into a TSTInfo value.
The encoded TSTInfo value.
Gets the extension values associated with the timestamp.
The extension values associated with the timestamp.
Gets the data representing the message hash.
The data representing the message hash.
Gets the nonce associated with this timestamp token.
The nonce associated with this timestamp token.
Gets an integer assigned by the TSA to the .
An integer assigned by the TSA to the .
Gets the data representing the hint in the TSA name identification.
The data representing the hint in the TSA name identification.
Decodes an encoded TSTInfo value.
The input or source buffer.
When this method returns , the decoded data. When this method returns , the value is , meaning the data could not be decoded.
The number of bytes used for decoding.
if the operation succeeded; otherwise.
Attempts to encode this object as a TSTInfo value, writing the result into the provided buffer.
The destination buffer.
When this method returns , contains the bytes written to the buffer.
if the operation succeeded; if the buffer size was insufficient.
Gets the accuracy with which is compared.
The accuracy with which is compared.
Gets a value indicating whether there are any extensions associated with this timestamp token.
if there are any extensions associated with this timestamp token; otherwise.
Gets an OID of the hash algorithm.
An OID of the hash algorithm.
Gets a value indicating if every timestamp token from the same TSA can always be ordered based on the , regardless of the accuracy. If the value is , indicates when the token has been created by the TSA.
if every timestamp token from the same TSA can always be ordered based on the ; otherwise.
Gets an OID representing the TSA's policy under which the response was produced.
An OID representing the TSA's policy under which the response was produced.
Gets the timestamp encoded in the token.
The timestamp encoded in the token.
Gets the version of the timestamp token.
The version of the timestamp token.
The class enables signing and verifying of CMS/PKCS #7 messages.
The constructor creates an instance of the class.
A null reference was passed to a method that does not accept it as a valid argument.
The constructor creates an instance of the class by using the specified content information as the inner content.
A object that specifies the content information as the inner content of the message.
A null reference was passed to a method that does not accept it as a valid argument.
The constructor creates an instance of the class by using the specified content information as the inner content and by using the detached state.
A object that specifies the content information as the inner content of the message.
A value that specifies whether the object is for a detached signature. If is , the signature is detached. If is , the signature is not detached.
A null reference was passed to a method that does not accept it as a valid argument.
The constructor creates an instance of the class by using the specified subject identifier type as the default subject identifier type for signers.
A member that specifies the default subject identifier type for signers.
A null reference was passed to a method that does not accept it as a valid argument.
The constructor creates an instance of the class by using the specified subject identifier type as the default subject identifier type for signers and content information as the inner content.
A member that specifies the default subject identifier type for signers.
A object that specifies the content information as the inner content of the message.
A null reference was passed to a method that does not accept it as a valid argument.
The constructor creates an instance of the class by using the specified subject identifier type as the default subject identifier type for signers, the content information as the inner content, and by using the detached state.
A member that specifies the default subject identifier type for signers.
A object that specifies the content information as the inner content of the message.
A value that specifies whether the object is for a detached signature. If is , the signature is detached. If detached is , the signature is not detached.
A null reference was passed to a method that does not accept it as a valid argument.
Adds a certificate to the collection of certificates for the encoded CMS/PKCS #7 message.
The certificate to add to the collection.
The certificate already exists in the collection.
The method verifies the data integrity of the CMS/PKCS #7 message. is a specialized method used in specific security infrastructure applications that only wish to check the hash of the CMS message, rather than perform a full digital signature verification. does not authenticate the author nor sender of the message because this method does not involve verifying a digital signature. For general-purpose checking of the integrity and authenticity of a CMS/PKCS #7 message, use the or methods.
A method call was invalid for the object's current state.
The method verifies the digital signatures on the signed CMS/PKCS #7 message and, optionally, validates the signers' certificates.
A value that specifies whether only the digital signatures are verified without the signers' certificates being validated.
If is , only the digital signatures are verified. If it is , the digital signatures are verified, the signers' certificates are validated, and the purposes of the certificates are validated. The purposes of a certificate are considered valid if the certificate has no key usage or if the key usage supports digital signatures or nonrepudiation.
A null reference was passed to a method that does not accept it as a valid argument.
A cryptographic operation could not be completed.
A method call was invalid for the object's current state.
The method verifies the digital signatures on the signed CMS/PKCS #7 message by using the specified collection of certificates and, optionally, validates the signers' certificates.
An object that can be used to validate the certificate chain. If no additional certificates are to be used to validate the certificate chain, use instead of .
A value that specifies whether only the digital signatures are verified without the signers' certificates being validated.
If is , only the digital signatures are verified. If it is , the digital signatures are verified, the signers' certificates are validated, and the purposes of the certificates are validated. The purposes of a certificate are considered valid if the certificate has no key usage or if the key usage supports digital signatures or nonrepudiation.
A null reference was passed to a method that does not accept it as a valid argument.
A cryptographic operation could not be completed.
A method call was invalid for the object's current state.
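
The two settings of the signature-verification flag described above, shown side by side as an added example (not code from the original documentation). It assumes .NET Core 3.0 or later and the `SignedCms.CheckSignature(bool)` overload; the self-signed certificate, subject name and payload are constructed for the demonstration. It shows that a signature-only check accepts a signer no trust store knows, still rejects modified content, and that full validation rejects the untrusted signer.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example; the class name, helper name and all sample values are constructed.
static class CmsVerifyDemo
{
    static void Main()
    {
        // Throwaway self-signed signer: it does not chain to any trusted root.
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest(
            "CN=Constructed Example Signer", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        request.CertificateExtensions.Add(
            new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        byte[] payload = Encoding.UTF8.GetBytes("constructed sample payload");

        // Sender: detached signature with the signer certificate embedded in the message.
        var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert)
        {
            IncludeOption = X509IncludeOption.EndCertOnly
        };
        var outgoing = new SignedCms(new ContentInfo(payload), detached: true);
        outgoing.ComputeSignature(signer);
        byte[] encoded = outgoing.Encode();

        // Receiver, case 1: signature only, original content.
        Console.WriteLine("signature only, original: " + Verify(encoded, payload, true));

        // Receiver, case 2: signature only, one bit of the content flipped.
        byte[] tampered = (byte[])payload.Clone();
        tampered[0] ^= 0x01;
        Console.WriteLine("signature only, tampered: " + Verify(encoded, tampered, true));

        // Receiver, case 3: signature plus certificate chain and key-usage validation.
        Console.WriteLine("full validation, original: " + Verify(encoded, payload, false));
    }

    // Decodes a detached CMS signature over 'content' and reports the verification outcome.
    static string Verify(byte[] encoded, byte[] content, bool verifySignatureOnly)
    {
        var cms = new SignedCms(new ContentInfo(content), detached: true);
        try
        {
            cms.Decode(encoded);
            cms.CheckSignature(verifySignatureOnly);
            return "accepted, signer = " + cms.SignerInfos[0].Certificate.Subject;
        }
        catch (CryptographicException ex)
        {
            return "rejected (" + ex.Message + ")";
        }
    }
}
```

A signature-only pass proves that the message matches the key in the certificate carried with it, not that the certificate belongs to an expected party, so callers using that mode need their own check of the signer certificate (for example against a pinned certificate).
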
Creates a signature and adds the signature to the CMS/PKCS #7 message.
.NET Framework (all versions) and .NET Core 3.0 and later: The recipient certificate is not specified.
.NET Core version 2.2 and earlier: No signer certificate was provided.
Creates a signature using the specified signer and adds the signature to the CMS/PKCS #7 message.
A object that represents the signer.
A null reference was passed to a method that does not accept it as a valid argument.
A cryptographic operation could not be completed.
Creates a signature using the specified signer and adds the signature to the CMS/PKCS #7 message.
A object that represents the signer.
.NET Core and .NET 5+ only: to request opening keys with PIN prompts disabled, where supported; otherwise, . In .NET Framework, this parameter is not used and a PIN prompt is always shown, if required.
is .
A cryptographic operation could not be completed.
.NET Framework only: A signing certificate is not specified.
.NET Core and .NET 5+ only: A signing certificate is not specified.
Decodes an encoded message.
An array of byte values that represents the encoded CMS/PKCS #7 message to be decoded.
is .
could not be decoded successfully.
A read-only span of byte values that represents the encoded CMS/PKCS #7 message to be decoded.
could not be decoded successfully.
The method encodes the information in the object into a CMS/PKCS #7 message.
A cryptographic operation could not be completed.
A method call was invalid for the object's current state.
An array of byte values that represents the encoded message. The encoded message can be decoded by the method.
Removes the specified certificate from the collection of certificates for the encoded CMS/PKCS #7 message.
The certificate to remove from the collection.
The certificate was not found.
Removes the signature at the specified index of the collection.
The zero-based index of the signature to remove.
A CMS/PKCS #7 message is not signed, and is invalid.
is less than zero.
-or-
is greater than the signature count minus 1.
The signature could not be removed.
-or-
An internal cryptographic error occurred.
The method removes the signature for the specified object.
A object that represents the countersignature being removed.
A null reference was passed to a method that does not accept it as a valid argument.
The value of an argument was outside the allowable range of values as defined by the called method.
A cryptographic operation could not be completed.
The property retrieves the certificates associated with the encoded CMS/PKCS #7 message.
An collection that represents the set of certificates for the encoded CMS/PKCS #7 message.
The property retrieves the inner contents of the encoded CMS/PKCS #7 message.
A object that represents the contents of the encoded CMS/PKCS #7 message.
The property retrieves whether the object is for a detached signature.
A value that specifies whether the object is for a detached signature. If this property is , the signature is detached. If this property is , the signature is not detached.
The property retrieves the collection associated with the CMS/PKCS #7 message.
A object that represents the signer information for the CMS/PKCS #7 message.
The property retrieves the version of the CMS/PKCS #7 message.
An int value that represents the CMS/PKCS #7 message version.
The class represents a signer associated with a object that represents a CMS/PKCS #7 message.
Adds the specified attribute to the current document.
The ASN.1 encoded attribute to add to the document.
Cannot find the original signer.
-or-
ASN1 corrupted data.
The method verifies the data integrity of the CMS/PKCS #7 message signer information. is a specialized method used in specific security infrastructure applications in which the subject uses the HashOnly member of the enumeration when setting up a object. does not authenticate the signer information because this method does not involve verifying a digital signature. For general-purpose checking of the integrity and authenticity of CMS/PKCS #7 message signer information and countersignatures, use the or methods.
A cryptographic operation could not be completed.
The method verifies the digital signature of the message and, optionally, validates the certificate.
A bool value that specifies whether only the digital signature is verified. If is , only the signature is verified. If is , the digital signature is verified, the certificate chain is validated, and the purposes of the certificates are validated. The purposes of the certificate are considered valid if the certificate has no key usage or if the key usage supports digital signature or nonrepudiation.
A null reference was passed to a method that does not accept it as a valid argument.
A cryptographic operation could not be completed.
A method call was invalid for the object's current state.
The method verifies the digital signature of the message by using the specified collection of certificates and, optionally, validates the certificate.
An object that can be used to validate the chain. If no additional certificates are to be used to validate the chain, use instead of .
A bool value that specifies whether only the digital signature is verified. If is , only the signature is verified. If is , the digital signature is verified, the certificate chain is validated, and the purposes of the certificates are validated. The purposes of the certificate are considered valid if the certificate has no key usage or if the key usage supports digital signature or nonrepudiation.
A null reference was passed to a method that does not accept it as a valid argument.
A cryptographic operation could not be completed.
A method call was invalid for the object's current state.
The method prompts the user to select a signing certificate, creates a countersignature, and adds the signature to the CMS/PKCS #7 message. Countersignatures are restricted to one level.
A null reference was passed to a method that does not accept it as a valid argument.
A cryptographic operation could not be completed.
The method creates a countersignature by using the specified signer and adds the signature to the CMS/PKCS #7 message. Countersignatures are restricted to one level.
A object that represents the counter signer.
A null reference was passed to a method that does not accept it as a valid argument.
A cryptographic operation could not be completed.
Retrieves the signature for the current object.
The signature for the current object.
The method removes the countersignature at the specified index of the collection.
The zero-based index of the countersignature to remove.
A cryptographic operation could not be completed.
The method removes the countersignature for the specified object.
A object that represents the countersignature being removed.
A null reference was passed to a method that does not accept it as a valid argument.
The value of an argument was outside the allowable range of values as defined by the called method.
A cryptographic operation could not be completed.
Removes the specified attribute from the current document.
The ASN.1 encoded attribute to remove from the document.
Cannot find the original signer.
-or-
Attribute not found.
-or-
ASN1 corrupted data.
The property retrieves the signing certificate associated with the signer information.
An object that represents the signing certificate.
The property retrieves the set of counter signers associated with the signer information.
A collection that represents the counter signers for the signer information. If there are no counter signers, the property is an empty collection.
The property retrieves the object that represents the hash algorithm used in the computation of the signatures.
An object that represents the hash algorithm used with the signature.
Gets the identifier for the signature algorithm used by the current object.
The identifier for the signature algorithm used by the current object.
The property retrieves the collection of signed attributes that is associated with the signer information. Signed attributes are signed along with the rest of the message content.
A collection that represents the signed attributes. If there are no signed attributes, the property is an empty collection.
The property retrieves the certificate identifier of the signer associated with the signer information.
A object that uniquely identifies the certificate associated with the signer information.
The property retrieves the collection of unsigned attributes that is associated with the content. Unsigned attributes can be modified without invalidating the signature.
A collection that represents the unsigned attributes. If there are no unsigned attributes, the property is an empty collection.
The property retrieves the signer information version.
An int value that specifies the signer information version.
The class represents a collection of objects. implements the interface.
The method copies the collection to an array.
An object to which the collection is to be copied.
The zero-based index in where the collection is copied.
One of the arguments provided to a method was not valid.
A null reference was passed to a method that does not accept it as a valid argument.
The value of an argument was outside the allowable range of values as defined by the called method.
The method copies the collection to a array.
An array of objects where the collection is to be copied.
The zero-based index in where the collection is copied.
One of the arguments provided to a method was not valid.
A null reference was passed to a method that does not accept it as a valid argument.
The value of an argument was outside the allowable range of values as defined by the called method.
The method returns a object for the collection.
A object that can be used to enumerate the collection.
The method returns a object for the collection.
A object that can be used to enumerate the collection.
The property retrieves the number of items in the collection.
An int value that represents the number of items in the collection.
The property retrieves whether access to the collection is synchronized, or thread safe. This property always returns , which means the collection is not thread safe.
A value of , which means the collection is not thread safe.
The property retrieves the object at the specified index in the collection.
An int value that represents the index in the collection. The index is zero based.
The value of an argument was outside the allowable range of values as defined by the called method.
A object at the specified index.
The property retrieves an object that is used to synchronize access to the collection.
An object that is used to synchronize access to the collection.
The class provides enumeration functionality for the collection. implements the interface.
The method advances the enumeration to the next object in the collection.
This method returns a bool value that specifies whether the enumeration successfully advanced. If the enumeration successfully moved to the next object, the method returns . If the enumeration moved past the last item in the enumeration, it returns .
The method resets the enumeration to the first object in the collection.
The property retrieves the current object from the collection.
A object that represents the current signer information structure in the collection.
The property retrieves the current object from the collection.
A object that represents the current signer information structure in the collection.
The class defines the type of the identifier of a subject, such as a or a . The subject can be identified by the certificate issuer and serial number or the subject key.
Verifies whether the specified certificate's subject identifier matches the current subject identifier instance.
The certificate to match with the current subject identifier instance.
Invalid subject identifier type.
if the specified certificate's identifier matches the current subject identifier instance; otherwise, .
The property retrieves the type of subject identifier. The subject can be identified by the certificate issuer and serial number or the subject key.
A member of the enumeration that identifies the type of subject.
The property retrieves the value of the subject identifier. Use the property to determine the type of subject identifier, and use the property to retrieve the corresponding value.
An object that represents the value of the subject identifier. This can be one of the following objects as determined by the property.
property Object
- IssuerAndSerialNumber
- SubjectKeyIdentifier
The class defines the type of the identifier of a subject, such as a or a . The subject can be identified by the certificate issuer and serial number, the hash of the subject key, or the subject key.
The property retrieves the type of subject identifier or key. The subject can be identified by the certificate issuer and serial number, the hash of the subject key, or the subject key.
A member of the enumeration that specifies the type of subject identifier.
The property retrieves the value of the subject identifier or key. Use the property to determine the type of subject identifier or key, and use the property to retrieve the corresponding value.
An object that represents the value of the subject identifier or key. This can be one of the following objects as determined by the property.
property Object
- IssuerAndSerialNumber
- SubjectKeyIdentifier
- PublicKeyInfo
The enumeration defines how a subject is identified.
The subject is identified by the certificate issuer and serial number.
The subject is identified by the public key.
The subject is identified by the hash of the subject key.
The type is unknown.
The enumeration defines the type of subject identifier.
The subject is identified by the certificate issuer and serial number.
The subject is identified as taking part in an integrity check operation that uses only a hashing algorithm.
The subject is identified by the hash of the subject's public key. The hash algorithm used is determined by the signature algorithm suite in the subject's certificate.
The type of subject identifier is unknown.
Represents the <> element of an XML digital signature.
Gets or sets an X.509 certificate issuer's distinguished name.
An X.509 certificate issuer's distinguished name.
Gets or sets an X.509 certificate issuer's serial number.
An X.509 certificate issuer's serial number.