Tags: c#, ws-security, signedxml

What does the Boolean returned by SignedXml.CheckSignature actually represent?


When SignedXml.CheckSignature(AsymmetricAlgorithm key) returns true (or false), what exactly does this represent?

Does this mean that the Signature is valid; or that whatever Signature object you created matches when you tried to create the Signature again?


Solution

  • The SignedXml.CheckSignature(AsymmetricAlgorithm key) method does three checks:

    1. Checks that the hash of the SignedInfo in the signature is signed by the supplied key. This ensures that the data is from a sender with the corresponding public key.
    2. Checks that the hash in the SignedInfo is correct. This ensures that the contents of the Signature block have not been tampered with.
    3. Checks that the digests of all references are correct, after applying the listed transforms. This ensures that the data protected by the signature has not been tampered with.

    Note that at this point you have no idea what data is actually signed - it might be only parts of the document. Before trusting data, you also have to validate the signatures.
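
The following is an added example, not code from the question or the answer above, showing the three outcomes of CheckSignature in practice: a true result with the signer's key, a false result with a different key or after the signed element is changed, and a true result after an element the signature does not cover is changed. It uses the real .NET System.Security.Cryptography.Xml API; the document, the element names and the Id value "order" are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example (not from the original page). Assumes
// System.Security.Cryptography.Xml is available (.NET Framework, or the
// NuGet package of the same name on .NET Core / .NET 5+).
class SignedXmlDemo
{
    // Constructed sample document. Only the <Order> element (Id="order")
    // will be signed; <Note> stays outside the signature's coverage.
    const string Sample =
        "<Envelope>" +
        "<Order Id=\"order\"><Item>Widget</Item><Qty>1</Qty></Order>" +
        "<Note>unsigned free text</Note>" +
        "</Envelope>";

    static XmlDocument LoadDoc(string xml)
    {
        // PreserveWhitespace matters: canonicalization must see the same
        // text nodes at verification time as at signing time.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        return doc;
    }

    // Produces an enveloped signature whose single Reference points at "#order".
    static void SignOrderElement(XmlDocument doc, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };

        var reference = new Reference("#order");
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);

        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Runs CheckSignature with the caller-supplied key (the three checks the
    // answer describes). Insists on exactly one <Signature> element so a
    // second, attacker-added signature cannot be silently ignored.
    static bool Verify(XmlDocument doc, RSA key)
    {
        var sigNodes = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigNodes.Count != 1) return false;

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigNodes[0]);
        return signedXml.CheckSignature(key);
    }

    // Lists the URIs the signature actually covers. CheckSignature does not
    // tell you this; the verifier has to confirm the data it is about to
    // trust is among these references.
    static void PrintSignedReferences(XmlDocument doc)
    {
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0]);
        foreach (Reference r in signedXml.SignedInfo.References)
            Console.WriteLine("  covered: URI=\"" + r.Uri + "\"");
    }

    static void Main()
    {
        using (var signer = RSA.Create(2048))
        using (var otherKey = RSA.Create(2048))
        {
            var doc = LoadDoc(Sample);
            SignOrderElement(doc, signer);

            Console.WriteLine("References in SignedInfo:");
            PrintSignedReferences(doc);

            Console.WriteLine("intact, signer's key:       " + Verify(doc, signer));   // True
            Console.WriteLine("intact, wrong key:          " + Verify(doc, otherKey)); // False: check 1 fails

            // Re-parse a copy so each tamper case starts from the signed document.
            var tamperedOrder = LoadDoc(doc.OuterXml);
            tamperedOrder.SelectSingleNode("//Qty").InnerText = "1000";
            Console.WriteLine("Qty changed (signed):       " + Verify(tamperedOrder, signer)); // False: check 3 fails

            var tamperedNote = LoadDoc(doc.OuterXml);
            tamperedNote.SelectSingleNode("//Note").InnerText = "attacker text";
            Console.WriteLine("Note changed (not signed):  " + Verify(tamperedNote, signer)); // True: <Note> is not referenced
        }
    }
}
```

The last case is the point of the answer's closing note: CheckSignature returning true only says that the referenced data is intact and was signed with the given key. It says nothing about whether that key is one you trust, or whether the element you are about to act on is actually among the SignedInfo references, so both of those have to be checked separately before the document's contents are used.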