dotnet · tdykstra · Aug 3, 2020 · Jul 14, 2020 · Jul 14, 2020 · Jul 14, 2020
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
@@ -3895,6 +3895,10 @@
       "redirect_url": "/dotnet/standard/analyzers/portability-analyzer",
       "redirect_document_id": true
     },
+    {
+      "source_path": "docs/standard/security/creating-a-cryptographic-scheme.md",
+      "redirect_url": "/dotnet/standard/security/cryptographic-services"
+    },
     {
       "source_path": "docs/standard/serialization/add-element-for-xmlschemaimporterextensions.md",
       "redirect_url": "/dotnet/standard/serialization/add-element-for-schemaimporterextensions"

diff --git a/docs/standard/security/creating-a-cryptographic-scheme.md b/docs/standard/security/creating-a-cryptographic-scheme.md
diff --git a/docs/standard/security/cross-platform-cryptography.md b/docs/standard/security/cross-platform-cryptography.md
@@ -363,3 +363,5 @@ macOS doesn't support a user-initiated timeout on CRL (Certificate Revocation Li
 
 * [.NET Cryptography Model](cryptography-model.md)
 * [.NET Cryptographic Services](cryptographic-services.md)
+* [Timing vulnerabilities with CBC-mode symmetric decryption using padding](vulnerabilities-cbc-mode.md)
+* [ASP.NET Core Data Protection](/aspnet/core/security/data-protection/introduction)
diff --git a/docs/standard/security/cryptographic-services.md b/docs/standard/security/cryptographic-services.md
diff --git a/docs/standard/security/cryptographic-signatures.md b/docs/standard/security/cryptographic-signatures.md
@@ -1,21 +1,21 @@
 ---
 title: "Cryptographic Signatures"
-ms.date: "03/30/2017"
+ms.date: 07/14/2020
 ms.technology: dotnet-standard
 dev_langs:
   - "csharp"
   - "vb"
 helpviewer_keywords:
   - "digital signatures"
-  - "cryptography [.NET Framework], signatures"
+  - "cryptography [.NET], signatures"
   - "digital signatures, XML signing"
   - "signatures, cryptographic"
   - "digital signatures, generating"
   - "verifying signatures"
   - "generating signatures"
   - "digital signatures, about"
-  - "encryption [.NET Framework], signatures"
-  - "security [.NET Framework], signatures"
+  - "encryption [.NET], signatures"
+  - "security [.NET], signatures"
   - "XML signing"
   - "digital signatures, verifying"
   - "signing XML"
@@ -26,13 +26,13 @@ ms.assetid: aa87cb7f-e608-4a81-948b-c9b8a1225783
 
 Cryptographic digital signatures use public key algorithms to provide data integrity. When you sign data with a digital signature, someone else can verify the signature, and can prove that the data originated from you and was not altered after you signed it. For more information about digital signatures, see [Cryptographic Services](cryptographic-services.md).
 
-This topic explains how to generate and verify digital signatures using classes in the <xref:System.Security.Cryptography?displayProperty=nameWithType> namespace.
+This topic explains how to generate and verify digital signatures using classes in the <xref:System.Security.Cryptography> namespace.
 
 ## Generating Signatures
 
-Digital signatures are usually applied to hash values that represent larger data. The following example applies a digital signature to a hash value. First, a new instance of the <xref:System.Security.Cryptography.RSACryptoServiceProvider> class is created to generate a public/private key pair. Next, the <xref:System.Security.Cryptography.RSACryptoServiceProvider> is passed to a new instance of the <xref:System.Security.Cryptography.RSAPKCS1SignatureFormatter> class. This transfers the private key to the <xref:System.Security.Cryptography.RSAPKCS1SignatureFormatter>, which actually performs the digital signing. Before you can sign the hash code, you must specify a hash algorithm to use. This example uses the SHA1 algorithm. Finally, the <xref:System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature%2A> method is called to perform the signing.
+Digital signatures are usually applied to hash values that represent larger data. The following example applies a digital signature to a hash value. First, a new instance of the <xref:System.Security.Cryptography.RSA> class is created to generate a public/private key pair. Next, the <xref:System.Security.Cryptography.RSA> is passed to a new instance of the <xref:System.Security.Cryptography.RSAPKCS1SignatureFormatter> class. This transfers the private key to the <xref:System.Security.Cryptography.RSAPKCS1SignatureFormatter>, which actually performs the digital signing. Before you can sign the hash code, you must specify a hash algorithm to use. This example uses the SHA1 algorithm. Finally, the <xref:System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature%2A> method is called to perform the signing.
 
-Due to collision problems with SHA1, Microsoft recommends SHA256 or better.
+Due to collision problems with SHA1, we recommend SHA256 or better.
 
 ```vb
 Imports System.Security.Cryptography
@@ -46,10 +46,10 @@ Module Module1
         Dim signedHashValue() As Byte
 
         'Generate a public/private key pair.
-        Dim rsa As New RSACryptoServiceProvider()
+        Dim rsa As RSA = RSA.Create()
 
         'Create an RSAPKCS1SignatureFormatter object and pass it
-        'the RSACryptoServiceProvider to transfer the private key.
+        'the RSA instance to transfer the private key.
         Dim rsaFormatter As New RSAPKCS1SignatureFormatter(rsa)
 
         'Set the hash algorithm to SHA1.
@@ -77,10 +77,10 @@ class Class1
       byte[] signedHashValue;
 
       //Generate a public/private key pair.
-      RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
+      RSA rsa = RSA.Create();
 
       //Create an RSAPKCS1SignatureFormatter object and pass it the
-      //RSACryptoServiceProvider to transfer the private key.
+      //RSA instance to transfer the private key.
       RSAPKCS1SignatureFormatter rsaFormatter = new RSAPKCS1SignatureFormatter(rsa);
 
       //Set the hash algorithm to SHA1.
@@ -93,12 +93,6 @@ class Class1
 }
 ```
 
-### Signing XML Files
-
-The .NET Framework provides the <xref:System.Security.Cryptography.Xml> namespace, which enables you sign XML. Signing XML is important when you want to verify that the XML originates from a certain source. For example, if you are using a stock quote service that uses XML, you can verify the source of the XML if it is signed.
-
-The classes in this namespace follow the [XML-Signature Syntax and Processing recommendation](https://www.w3.org/TR/xmldsig-core/) from the World Wide Web Consortium.
-
 ## Verifying Signatures
 
 To verify that data was signed by a particular party, you must have the following information:
@@ -111,7 +105,7 @@ To verify that data was signed by a particular party, you must have the followin
 
 - The hash algorithm used by the signer.
 
-To verify a signature signed by the <xref:System.Security.Cryptography.RSAPKCS1SignatureFormatter> class, use the <xref:System.Security.Cryptography.RSAPKCS1SignatureDeformatter> class. The <xref:System.Security.Cryptography.RSAPKCS1SignatureDeformatter> class must be supplied the public key of the signer. You will need the values of the modulus and the exponent to specify the public key. (The party that generated the public/private key pair should provide these values.) First create an <xref:System.Security.Cryptography.RSACryptoServiceProvider> object to hold the public key that will verify the signature, and then initialize an <xref:System.Security.Cryptography.RSAParameters> structure to the modulus and exponent values that specify the public key.
+To verify a signature signed by the <xref:System.Security.Cryptography.RSAPKCS1SignatureFormatter> class, use the <xref:System.Security.Cryptography.RSAPKCS1SignatureDeformatter> class. The <xref:System.Security.Cryptography.RSAPKCS1SignatureDeformatter> class must be supplied the public key of the signer. For RSA, you will need the values of the modulus and the exponent to specify the public key. (The party that generated the public/private key pair should provide these values.) First create an <xref:System.Security.Cryptography.RSA> object to hold the public key that will verify the signature, and then initialize an <xref:System.Security.Cryptography.RSAParameters> structure to the modulus and exponent values that specify the public key.
 
 The following code shows the creation of an <xref:System.Security.Cryptography.RSAParameters> structure. The `Modulus` property is set to the value of a byte array called `modulusData` and the `Exponent` property is set to the value of a byte array called `exponentData`.
 
@@ -127,12 +121,14 @@ rsaKeyInfo.Modulus = modulusData;
 rsaKeyInfo.Exponent = exponentData;
 ```
 
-After you have created the <xref:System.Security.Cryptography.RSAParameters> object, you can initialize a new instance of the <xref:System.Security.Cryptography.RSACryptoServiceProvider> class to the values specified in <xref:System.Security.Cryptography.RSAParameters>. The <xref:System.Security.Cryptography.RSACryptoServiceProvider> is, in turn, passed to the constructor of an <xref:System.Security.Cryptography.RSAPKCS1SignatureDeformatter> to transfer the key.
+After you have created the <xref:System.Security.Cryptography.RSAParameters> object, you can initialize a new instance of the <xref:System.Security.Cryptography.RSA> implementation class to the values specified in <xref:System.Security.Cryptography.RSAParameters>. The <xref:System.Security.Cryptography.RSA> instance is, in turn, passed to the constructor of an <xref:System.Security.Cryptography.RSAPKCS1SignatureDeformatter> to transfer the key.
 
 The following example illustrates this process. In this example, `hashValue` and `signedHashValue` are arrays of bytes provided by a remote party. The remote party has signed the `hashValue` using the SHA1 algorithm, producing the digital signature `signedHashValue`. The <xref:System.Security.Cryptography.RSAPKCS1SignatureDeformatter.VerifySignature%2A?displayProperty=nameWithType> method verifies that the digital signature is valid and was used to sign the `hashValue`.
 
+Due to collision problems with SHA1, we recommend SHA256 or better.  However, if SHA1 was used to create the signature, you have to use SHA1 to verify the signature.
+
 ```vb
-Dim rsa As New RSACryptoServiceProvider()
+Dim rsa As RSA = RSA.Create()
 rsa.ImportParameters(rsaKeyInfo)
 Dim rsaDeformatter As New RSAPKCS1SignatureDeformatter(rsa)
 rsaDeformatter.SetHashAlgorithm("SHA1")
@@ -144,7 +140,7 @@ End If
 ```
 
 ```csharp
-RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
+RSA rsa = RSA.Create();
 rsa.ImportParameters(rsaKeyInfo);
 RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
 rsaDeformatter.SetHashAlgorithm("SHA1");
@@ -163,3 +159,6 @@ This code fragment will display "`The signature is valid`" if the signature is v
 ## See also
 
 - [Cryptographic Services](cryptographic-services.md)
+- [Cryptography Model](cryptography-model.md)
+- [Cross-Platform Cryptography](cross-platform-cryptography.md)
+- [ASP.NET Core Data Protection](/aspnet/core/security/data-protection/introduction)