There is a way to create packages, add some parts and sign it with a X509Certificate.
I would also like to add a timestamping signature to the package.
If the certificate expires or gets revoked the signature should remain valid if the package parts have been timestamped before the expiration/revokation.
P.S. I'm using the System.IO.Packaging.Package class defined in the WindowsBase.dll assembly.
On
Digital signatures in System.IO.Packaging rely on XMLDSIG. Tusted Timestamping (or secure timestamping) in terms of RFC 3161 was added on top with XML Advanced Electronic Signatures (XAdES) and the XAdES-T Profile. Microsoft Office documents use System.IO.Packaging as their format and so the Microsoft Documentation (MS-OFFCRYPTO) mentions XAdES-T as the form used.
Unfortunately there is no built in support in the .NET Framework itself. While Microsoft Office has the ability to utilize trusted time stamps for digital signatures.
Microsoft France published a library to support the standards in 2012 but it went offline and is not maintained anymore. But there is a snapshot of the sources on Github.
There are also a few other libraries your might consider helpful
The following solution works it you're both the creator and the consumer of the package: