Starting in .NET 11, the Digital Signature Algorithm (DSA) is no longer supported on macOS. This removal only impacts "finite field" DSA. Elliptic Curve DSA (EC-DSA) isn't affected. Attempts to use DSA, DSACryptoServiceProvider, or other APIs that interact with DSA throw a PlatformNotSupportedException on macOS.
Version introduced
.NET 11 Preview 1
Previous behavior
Previously, the DSA algorithm and its supporting types, DSA, DSACryptoServiceProvider, and X.509 certificates with DSA keys functioned on macOS.
New behavior
DSA is no longer functional on macOS. Attempts to use DSA, DSACryptoServiceProvider, or other APIs that interact with DSA throw a PlatformNotSupportedException.
Type of breaking change
This change is a behavioral change.
Reason for change
.NET on macOS relies on the operating system to provide an implementation of DSA. Apple did this through a now obsolete library called SecurityTransforms, with no replacement. The implementation that Apple did offer was also limited in functionality. It only supported DSA-1024 with SHA-1, which is considered weak. Further, it never supported generating DSA keys.
iOS, tvOS, and MacCatalyst never supported DSA.
Recommended action
Migrate away from the DSA algorithm and use a modern cryptographic digital signature algorithm such as EC-DSA (Elliptic Curve DSA).
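The following C# sketch shows one shape the migration can take. It's an added example, not code from the original article: the class and method names are hypothetical, and the choice of NIST P-256 with SHA-256 is an assumption. The `IsDsaAvailable` probe relies on `DSA.Create` throwing `PlatformNotSupportedException` on macOS, as described in this article, so legacy code paths can be detected before they fail at run time.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignatureMigrationExample // hypothetical name
{
    // Sign with EC-DSA; the key's curve is chosen by the caller (P-256 below).
    public static byte[] Sign(ECDsa key, byte[] data) =>
        key.SignData(data, HashAlgorithmName.SHA256);

    // Verify using only the public key, encoded as X.509 SubjectPublicKeyInfo.
    public static bool Verify(byte[] publicKeySpki, byte[] data, byte[] signature)
    {
        using ECDsa pub = ECDsa.Create();
        pub.ImportSubjectPublicKeyInfo(publicKeySpki, out _);
        return pub.VerifyData(data, signature, HashAlgorithmName.SHA256);
    }

    // Migration probe: reports whether legacy DSA code can still run on this platform.
    public static bool IsDsaAvailable()
    {
        try
        {
            using DSA dsa = DSA.Create();
            return true;
        }
        catch (PlatformNotSupportedException)
        {
            return false; // macOS starting in .NET 11; also iOS, tvOS, MacCatalyst
        }
    }

    public static void Main()
    {
        byte[] data = Encoding.UTF8.GetBytes("constructed sample message");

        using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        byte[] spki = key.ExportSubjectPublicKeyInfo();
        byte[] signature = Sign(key, data);
        Console.WriteLine($"EC-DSA signature valid: {Verify(spki, data, signature)}");

        data[0] ^= 0x01; // flip one bit to show that tampering is rejected
        Console.WriteLine($"Tampered data valid: {Verify(spki, data, signature)}");

        Console.WriteLine($"Legacy DSA usable here: {IsDsaAvailable()}");
    }
}
```

Signatures produced by existing DSA keys can't be verified with an EC-DSA key, so data that must stay verifiable needs to be re-signed with the new key as part of the migration.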
Affected APIs
- DSA.Create
- DSACryptoServiceProvider constructors
- DSACertificateExtensions.GetDSAPrivateKey(X509Certificate2)
- DSACertificateExtensions.GetDSAPublicKey(X509Certificate2)
- DSACertificateExtensions.CopyWithPrivateKey(X509Certificate2, DSA)
Additionally, any APIs that interact with DSA keys are affected.