Some time ago I posted a sample which shows how to sign large CMS data by calling CryptMsg API directly (How to call CryptMsg API in streaming mode (C#)) and that way overcome the current limitations of SignedCms in .NET ("ASN1 value too large" error when calling SignedCms.ComputeSignature).
I continued working on the sample and extended it quite a lot. Current version implements SignedLargeCMS and EnvelopedLargeCMS, my own version of SignedCms and EnvelopedCMS to work with large data.
I already shared the p/invoke declarations I used (P/Invoking CryptoAPI in .NET. Part 2 (C#)), and you can find the full version of the sample at Codeplex.
I hope this helps.
Alex (Alejandro Campos Magencio)
Why the cosign method only support detached signature?
Hi Anlemaco, it is true that when using streaming, we only get detached cosigned messages. I figured it out when developing the sample. When I asked our Windows Product Group about this, they told me that streaming wasn’t designed to support adding a second signature. And there are no workarounds to this.
Thanks for your quick reply Alex. Do you know another way (different to streaming) to cosign big files in attached mode?
Well, you can always call the same APIs without streaming. Cosign should work fine in attached mode there. Now, you won't be able to sign such big files (which was the purpose of this sample).