public byte[] Sign(Stream stream, DigestAlgorithm digestAlgo, IDssPrivateKeyEntry keyEntry) { byte[] signedBytes; if (keyEntry is KSX509Certificate2Entry) { var cert = ((KSX509Certificate2Entry)keyEntry).Cert2; X509Certificate2Signature signer = new X509Certificate2Signature(cert, digestAlgo.GetName()); signedBytes = signer.Sign(Streams.ReadAll(stream)); stream.Close(); return signedBytes; } throw new ArgumentException("Only allowed KSX509Certificate2Entry", "keyEntry"); }