SecureBlackbox 16: I have modified the signed data, but the VerifySignature method reports the signature as valid. Why is that?
The ValidateSignature() method checks the integrity of the signature (the SignedInfo element); it doesn't check the signer key/certificate and the references. To validate the references you need to call the ValidateReferences() or ValidateReference(ref) methods.
We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@nsoftware.com.