daohualiuxiang
/
dotnet
mirror of https://github.com/microsoft/dotnet.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
dotnet/Documentation/compatibility/RSACng-and-DSACng-not-usabl...

43 lines
2.3 KiB
Markdown
Raw Blame History

## RSACng and DSACng are once again usable in Partial Trust scenarios
### Scope
Edge
### Version Introduced
4.6.2
### Version Reverted
4.7.1
### Source Analyzer Status
NotPlanned
### Change Description
CngLightup (used in several higher-level crypto apis, such as <xref:System.Security.Cryptography.Xml.EncryptedXml?displayProperty=nameWithType>) and <xref:System.Security.Cryptography.RSACng?displayProperty=nameWithType> in some cases rely on full trust. These include P/Invokes without asserting <xref:System.Security.Permissions.SecurityPermissionFlag.UnmanagedCode?displayProperty=nameWithType> permissions, and code paths where <xref:System.Security.Cryptography.CngKey?displayProperty=nameWithType> has permission demands for <xref:System.Security.Permissions.SecurityPermissionFlag.UnmanagedCode?displayProperty=nameWithType>. Starting with the .NET Framework 4.6.2, CngLightup was used to switch to <xref:System.Security.Cryptography.RSACng?displayProperty=nameWithType> wherever possible. As a result, partial trust apps that successfully used <xref:System.Security.Cryptography.Xml.EncryptedXml?displayProperty=nameWithType> began to fail and throw <xref:System.Security.SecurityException> exceptions.
This change adds the required asserts so that all functions using CngLightup have the required permissions.
- [ ] Quirked
- [ ] Build-time break
### Recommended Action
If this change in the .NET Framework 4.6.2 has negatively impacted your partial trust apps, upgrade to the .NET Framework 4.7.1.
### Affected APIs
* `M:System.Security.Cryptography.DSACng.#ctor(System.Security.Cryptography.CngKey)`
* `P:System.Security.Cryptography.DSACng.Key`
* `P:System.Security.Cryptography.DSACng.LegalKeySizes`
* `M:System.Security.Cryptography.DSACng.CreateSignature(System.Byte[])`
* `M:System.Security.Cryptography.DSACng.VerifySignature(System.Byte[],System.Byte[])`
* `M:System.Security.Cryptography.RSACng.#ctor(System.Security.Cryptography.CngKey)`
* `P:System.Security.Cryptography.RSACng.Key`
* `M:System.Security.Cryptography.RSACng.Decrypt(System.Byte[],System.Security.Cryptography.RSAEncryptionPadding)`
* `M:System.Security.Cryptography.RSACng.SignHash(System.Byte[],System.Security.Cryptography.HashAlgorithmName,System.Security.Cryptography.RSASignaturePadding)`
### Category
Security
<!--
Bug # 400499
-->
Reference in New Issue View Git Blame Copy Permalink