dotnet/Documentation/compatibility/SignedXml.GetPublicKey-retu...

## SignedXml.GetPublicKey returns RSACng on net462 (or lightup) without retargeting change

### Scope
Edge

### Version Introduced
4.6.2

### Version Reverted
4.7.1

### Source Analyzer Status
NotPlanned

### Change Description
Starting with the .NET Framework 4.6.2, the concrete type of the object returned by the `<xref:System.Security.Cryptography.Xml.SignedXml.GetPublicKey%2A?displayProperty=nameWithType>` method changed (without a quirk) from a CryptoServiceProvider implementation to a Cng implementation. This is because the implementation changed from using certificate.PublicKey.Key to using the internal certificate.GetAnyPublicKey which forwards to `<xref:System.Security.Cryprography.X509Certificates.RSACertificateExtensions.GetRSAPublicKey%2A?displayProperty=nameWithType>`.

- [x] Quirked
- [ ] Build-time break

### Recommended Action
Starting with apps running on the .NET Framework 4.7.1, you can use the CryptoServiceProvider implementation used by default in the .NET Framework 4.6.1 and earlier versions by adding the following configuration switch to the [runtime](https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/runtime-element) section of your app config file:

```xml
<AppContextSwitchOverrides value="Switch.System.Security.Cryptography.Xml.SignedXmlUseLegacyCertificatePrivateKey=true" />
```

### Affected APIs
* `M:System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(System.Security.Cryptography.AsymmetricAlgorithm@)`

### Category
Security

<!--
Bug # 432261
-->
Add breaking change docs (#487) * Add breaking change docs * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update RSACng-and-DSACng-not-usable-in-Partial-Trust-scenarios.md * Update SignedXml.GetPublicKey-returns-RSACng-on-net462.md * Update docs for SignedXML fixes * Remove unclosed comment in doc * Fixup some SignedXml docs * Fixup some SignedXml docs 2017-10-05 03:43:01 +08:00			`## SignedXml.GetPublicKey returns RSACng on net462 (or lightup) without retargeting change`

			`### Scope`
			`Edge`

			`### Version Introduced`
			`4.6.2`

			`### Version Reverted`
			`4.7.1`

			`### Source Analyzer Status`
			`NotPlanned`

			`### Change Description`
			Starting with the .NET Framework 4.6.2, the concrete type of the object returned by the `<xref:System.Security.Cryptography.Xml.SignedXml.GetPublicKey%2A?displayProperty=nameWithType>` method changed (without a quirk) from a CryptoServiceProvider implementation to a Cng implementation. This is because the implementation changed from using certificate.PublicKey.Key to using the internal certificate.GetAnyPublicKey which forwards to `<xref:System.Security.Cryprography.X509Certificates.RSACertificateExtensions.GetRSAPublicKey%2A?displayProperty=nameWithType>`.

			`- [x] Quirked`
			`- [ ] Build-time break`

			`### Recommended Action`
			`Starting with apps running on the .NET Framework 4.7.1, you can use the CryptoServiceProvider implementation used by default in the .NET Framework 4.6.1 and earlier versions by adding the following configuration switch to the [runtime](https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/runtime-element) section of your app config file:`

			```xml
Fix broken docId 2017-10-10 04:22:58 +08:00			`<AppContextSwitchOverrides value="Switch.System.Security.Cryptography.Xml.SignedXmlUseLegacyCertificatePrivateKey=true" />`
Add breaking change docs (#487) * Add breaking change docs * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update RSACng-and-DSACng-not-usable-in-Partial-Trust-scenarios.md * Update SignedXml.GetPublicKey-returns-RSACng-on-net462.md * Update docs for SignedXML fixes * Remove unclosed comment in doc * Fixup some SignedXml docs * Fixup some SignedXml docs 2017-10-05 03:43:01 +08:00			```

			`### Affected APIs`
Fix broken docId 2017-10-10 04:22:58 +08:00			* `M:System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(System.Security.Cryptography.AsymmetricAlgorithm@)`
Add breaking change docs (#487) * Add breaking change docs * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update RSACng-and-DSACng-not-usable-in-Partial-Trust-scenarios.md * Update SignedXml.GetPublicKey-returns-RSACng-on-net462.md * Update docs for SignedXML fixes * Remove unclosed comment in doc * Fixup some SignedXml docs * Fixup some SignedXml docs 2017-10-05 03:43:01 +08:00
			`### Category`
			`Security`

			`<!--`
Fix broken docId 2017-10-10 04:22:58 +08:00			`Bug # 432261`
Add breaking change docs (#487) * Add breaking change docs * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update Change-SignedXML-and-SignedCMS-default-algorithms-to-SHA256.md * Update RSACng-and-DSACng-not-usable-in-Partial-Trust-scenarios.md * Update SignedXml.GetPublicKey-returns-RSACng-on-net462.md * Update docs for SignedXML fixes * Remove unclosed comment in doc * Fixup some SignedXml docs * Fixup some SignedXml docs 2017-10-05 03:43:01 +08:00			`-->`