dotnet/Documentation/compatibility/SignedXml.GetPublicKey-retu...

## SignedXml.GetPublicKey returns RSACng on net462 (or lightup) without retargeting change

### Scope
Edge

### Version Introduced
4.6.2

### Version Reverted
4.7.1

### Source Analyzer Status
NotPlanned

### Change Description

Starting with the .NET Framework 4.6.2, the concrete type of the object returned by the <xref:System.Security.Cryptography.Xml.SignedXml.GetPublicKey%2A?displayProperty=nameWithType> method changed (without a quirk) from a CryptoServiceProvider implementation to a Cng implementation. This is because the implementation changed from using `certificate.PublicKey.Key` to using the internal `certificate.GetAnyPublicKey` which forwards to <xref:System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPublicKey%2A?displayProperty=nameWithType>.

- [x] Quirked
- [ ] Build-time break

### Recommended Action

Starting with apps running on the .NET Framework 4.7.1, you can use the CryptoServiceProvider implementation used by default in the .NET Framework 4.6.1 and earlier versions by adding the following configuration switch to the [runtime](~/docs/framework/configure-apps/file-schema/runtime/runtime-element.md) section of your app config file:

```xml
<AppContextSwitchOverrides value="Switch.System.Security.Cryptography.Xml.SignedXmlUseLegacyCertificatePrivateKey=true" />
```

### Affected APIs
* `M:System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(System.Security.Cryptography.AsymmetricAlgorithm@)`

### Category
Security

<!--
Bug # 432261
-->
Add breaking change docs (#487) * Add breaking change docs * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update RSACng-and-DSACng-not-usable-in-Partial-Trust-scenarios.md * Update SignedXml.GetPublicKey-returns-RSACng-on-net462.md * Update docs for SignedXML fixes * Remove unclosed comment in doc * Fixup some SignedXml docs * Fixup some SignedXml docs 2017-10-05 03:43:01 +08:00			`## SignedXml.GetPublicKey returns RSACng on net462 (or lightup) without retargeting change`

			`### Scope`
			`Edge`

			`### Version Introduced`
			`4.6.2`

			`### Version Reverted`
			`4.7.1`

			`### Source Analyzer Status`
			`NotPlanned`

			`### Change Description`
Changes to parallel changes to dotnet/docs repo (#512) 2017-10-17 06:19:46 +08:00
Fixed bad links (#543) 2017-10-26 04:17:26 +08:00			Starting with the .NET Framework 4.6.2, the concrete type of the object returned by the <xref:System.Security.Cryptography.Xml.SignedXml.GetPublicKey%2A?displayProperty=nameWithType> method changed (without a quirk) from a CryptoServiceProvider implementation to a Cng implementation. This is because the implementation changed from using `certificate.PublicKey.Key` to using the internal `certificate.GetAnyPublicKey` which forwards to <xref:System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPublicKey%2A?displayProperty=nameWithType>.
Add breaking change docs (#487) * Add breaking change docs * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update RSACng-and-DSACng-not-usable-in-Partial-Trust-scenarios.md * Update SignedXml.GetPublicKey-returns-RSACng-on-net462.md * Update docs for SignedXML fixes * Remove unclosed comment in doc * Fixup some SignedXml docs * Fixup some SignedXml docs 2017-10-05 03:43:01 +08:00
			`- [x] Quirked`
			`- [ ] Build-time break`

			`### Recommended Action`
Changes to parallel changes to dotnet/docs repo (#512) 2017-10-17 06:19:46 +08:00
Assorted changes (#625) * Assorted changes * Removed remaining occurences of 'en-us' 2018-02-21 02:29:52 +08:00			`Starting with apps running on the .NET Framework 4.7.1, you can use the CryptoServiceProvider implementation used by default in the .NET Framework 4.6.1 and earlier versions by adding the following configuration switch to the [runtime](~/docs/framework/configure-apps/file-schema/runtime/runtime-element.md) section of your app config file:`
Add breaking change docs (#487) * Add breaking change docs * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update RSACng-and-DSACng-not-usable-in-Partial-Trust-scenarios.md * Update SignedXml.GetPublicKey-returns-RSACng-on-net462.md * Update docs for SignedXML fixes * Remove unclosed comment in doc * Fixup some SignedXml docs * Fixup some SignedXml docs 2017-10-05 03:43:01 +08:00
			```xml
Fix broken docId 2017-10-10 04:22:58 +08:00			`<AppContextSwitchOverrides value="Switch.System.Security.Cryptography.Xml.SignedXmlUseLegacyCertificatePrivateKey=true" />`
Add breaking change docs (#487) * Add breaking change docs * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update RSACng-and-DSACng-not-usable-in-Partial-Trust-scenarios.md * Update SignedXml.GetPublicKey-returns-RSACng-on-net462.md * Update docs for SignedXML fixes * Remove unclosed comment in doc * Fixup some SignedXml docs * Fixup some SignedXml docs 2017-10-05 03:43:01 +08:00			```

			`### Affected APIs`
Fix broken docId 2017-10-10 04:22:58 +08:00			* `M:System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(System.Security.Cryptography.AsymmetricAlgorithm@)`
Add breaking change docs (#487) * Add breaking change docs * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update RSACng-and-DSACng-not-usable-in-Partial-Trust-scenarios.md * Update SignedXml.GetPublicKey-returns-RSACng-on-net462.md * Update docs for SignedXML fixes * Remove unclosed comment in doc * Fixup some SignedXml docs * Fixup some SignedXml docs 2017-10-05 03:43:01 +08:00
			`### Category`
			`Security`

			`<!--`
Fix broken docId 2017-10-10 04:22:58 +08:00			`Bug # 432261`
Add breaking change docs (#487) * Add breaking change docs * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update RSACng-and-DSACng-not-usable-in-Partial-Trust-scenarios.md * Update SignedXml.GetPublicKey-returns-RSACng-on-net462.md * Update docs for SignedXML fixes * Remove unclosed comment in doc * Fixup some SignedXml docs * Fixup some SignedXml docs 2017-10-05 03:43:01 +08:00			`-->`