I have modified the signed data, but VerifySignature method reports the signature as valid. Why is that?

The ValidateSignature() method checks the integrity of the signature (SignedInfo element), it doesn't check the signer key/certificate and the references. To validate references you need to call ValidateReferences() or ValidateReference(ref) methods.

Ready to get started?

Learn more about SecureBlackbox or download a free trial.

Download Now