1.5 KiB
SignedXml.GetPublicKey returns RSACng on net462 (or lightup) without retargeting change
Scope
Edge
Version Introduced
4.6.2
Version Reverted
4.7.1
Source Analyzer Status
NotPlanned
Change Description
Starting with the .NET Framework 4.6.2, the concrete type of the object returned by the xref:System.Security.Cryptography.Xml.SignedXml.GetPublicKey%2A?displayProperty=nameWithType method changed (without a quirk) from a CryptoServiceProvider implementation to a Cng implementation. This is because the implementation changed from using certificate.PublicKey.Key
to using the internal certificate.GetAnyPublicKey
which forwards to xref:System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPublicKey%2A?displayProperty=nameWithType.
- Quirked
- Build-time break
Recommended Action
Starting with apps running on the .NET Framework 4.7.1, you can use the CryptoServiceProvider implementation used by default in the .NET Framework 4.6.1 and earlier versions by adding the following configuration switch to the runtime section of your app config file:
<AppContextSwitchOverrides value="Switch.System.Security.Cryptography.Xml.SignedXmlUseLegacyCertificatePrivateKey=true" />
Affected APIs
M:System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(System.Security.Cryptography.AsymmetricAlgorithm@)
Category
Security