SecureBlackbox 16: I have modified the signed data, but the VerifySignature method reports the signature as valid. Why is that?

Note: This article applies only to SecureBlackbox Legacy. For future development please consider using the latest version.

The ValidateSignature() method checks the integrity of the signature (the SignedInfo element); it doesn't check the signer key/certificate and the references. To validate the references you need to call the ValidateReferences() or ValidateReference(ref) methods.

We appreciate your feedback.  If you have any questions, comments, or suggestions about this article please contact our support team at