There is a way to create packages, add some parts and sign it with a X509Certificate
.
I would also like to add a timestamping signature to the package.
If the certificate expires or gets revoked the signature should remain valid if the package parts have been timestamped before the expiration/revokation.
P.S. I'm using the System.IO.Packaging.Package
class defined in the WindowsBase.dll
assembly.
The following solution works it you're both the creator and the consumer of the package: