dotnet/Documentation/compatibility/wpf-PackageDigitalSignature...

## The default hash algorithm for WPF PackageDigitalSignatureManager is now SHA256

### Scope
Edge

### Version Introduced
4.7.1

### Source Analyzer Status
NotPlanned

### Change Description
The `System.IO.Packaging.PackageDigitalSignatureManager` provides functionality for digital signatures in relation to WPF packages.  In the .NET Framework 4.7 and earlier versions, the default algorithm (<xref:System.IO.Packaging.PackageDigitalSignatureManager.DefaultHashAlgorithm?displayProperty=nameWithType>)
used for signing parts of a package was SHA1.  Due to recent security concerns with SHA1, this default has been changed to SHA256 starting with the .NET Framework 4.7.1.  This change affects all package signing, including XPS documents.

- [X] Quirked
- [ ] Build-time break

### Recommended Action
A developer who wants to utilize this change while targeting a framework version below .NET Framework 4.7.1 or a developer who requires the previous functionality while targeting .NET Framework 4.7.1 or greater 
can set the following AppContext flag appropriately.  A value of true will result in SHA1 being used as the default algorithm; false results in SHA256.

```xml
<configuration>
    <runtime>
        <AppContextSwitchOverrides value="Switch.MS.Internal.UseSha1AsDefaultHashAlgorithmForDigitalSignatures=true"/>
    </runtime>
</configuration>
```

### Affected APIs
P:System.IO.Packaging.PackageDigitalSignatureManager.DefaultHashAlgorithm

### Category
Windows Presentation Foundation (WPF)

<!--
    436861
-->
Breaking change notification for DDVSO436861 - PackageDigitalSignatureManager.DefaultHashAlgorithm is now SHA256 (#499) * Breaking change notification for DDVSO436861 - PackageDigitalSignatureManager.DefaultHashAlgorithm is now SHA256 * Addressing comments 2017-10-11 04:25:45 +08:00			`## The default hash algorithm for WPF PackageDigitalSignatureManager is now SHA256`

			`### Scope`
			`Edge`

			`### Version Introduced`
Merge latest from net471 into master * Regenerated readme, made changes to build readme (#520) * Replaced asset IDs with xrefs (#521) * Replaced asset IDs with xrefs * Formatting changes * .NET 4.7.1 Publishing Changes (#510) * Updates for Known Issues * Updates for Known Issues * Updates for Known Issues * Added API diffss for 4.7.1 * Added updates to 4.7.1 change list * Updates for readme, changelist and known issues * Fixed as per comments from rpetrusha 2017-10-18 05:13:24 +08:00			`4.7.1`
Breaking change notification for DDVSO436861 - PackageDigitalSignatureManager.DefaultHashAlgorithm is now SHA256 (#499) * Breaking change notification for DDVSO436861 - PackageDigitalSignatureManager.DefaultHashAlgorithm is now SHA256 * Addressing comments 2017-10-11 04:25:45 +08:00
			`### Source Analyzer Status`
			`NotPlanned`

			`### Change Description`
			The `System.IO.Packaging.PackageDigitalSignatureManager` provides functionality for digital signatures in relation to WPF packages. In the .NET Framework 4.7 and earlier versions, the default algorithm (<xref:System.IO.Packaging.PackageDigitalSignatureManager.DefaultHashAlgorithm?displayProperty=nameWithType>)
			`used for signing parts of a package was SHA1. Due to recent security concerns with SHA1, this default has been changed to SHA256 starting with the .NET Framework 4.7.1. This change affects all package signing, including XPS documents.`

			`- [X] Quirked`
			`- [ ] Build-time break`

			`### Recommended Action`
Misc issues (#644) * Miscellaneous formatting and link changes * Proper usage of .NET Framework * Removed 'please' 2018-03-01 08:06:28 +08:00			`A developer who wants to utilize this change while targeting a framework version below .NET Framework 4.7.1 or a developer who requires the previous functionality while targeting .NET Framework 4.7.1 or greater`
Breaking change notification for DDVSO436861 - PackageDigitalSignatureManager.DefaultHashAlgorithm is now SHA256 (#499) * Breaking change notification for DDVSO436861 - PackageDigitalSignatureManager.DefaultHashAlgorithm is now SHA256 * Addressing comments 2017-10-11 04:25:45 +08:00			`can set the following AppContext flag appropriately. A value of true will result in SHA1 being used as the default algorithm; false results in SHA256.`

			```xml
			`<configuration>`
			`<runtime>`
			`<AppContextSwitchOverrides value="Switch.MS.Internal.UseSha1AsDefaultHashAlgorithmForDigitalSignatures=true"/>`
			`</runtime>`
			`</configuration>`
			```

			`### Affected APIs`
			`P:System.IO.Packaging.PackageDigitalSignatureManager.DefaultHashAlgorithm`

			`### Category`
			`Windows Presentation Foundation (WPF)`

			`<!--`
			`436861`
			`-->`