dotnet · Copilot · Jan 7, 2026 · Jan 7, 2026 · Jan 9, 2026 · Jan 9, 2026
@@ -20,6 +20,12 @@ If you're migrating an app to .NET 11, the breaking changes listed here might af
 |-------------------------------------------------------------------|-------------------|
 | [Environment.TickCount made consistent with Windows timeout behavior](core-libraries/11/environment-tickcount-windows-behavior.md) | Behavioral change |
 
+## Cryptography
+
+| Title                                                            | Type of change    |
+|------------------------------------------------------------------|-------------------|
+| [DSA removed from macOS](cryptography/11/dsa-removed-macos.md) | Behavioral change |
+
 ## Globalization
 
 | Title | Type of change    |

@@ -0,0 +1,47 @@
+---
+title: "Breaking change: DSA removed from macOS"
+description: "Learn about the breaking change in .NET 11 where the Digital Signature Algorithm (DSA) is no longer supported on macOS."
+ms.date: 01/07/2026
+ai-usage: ai-assisted
+ms.custom: https://github.com/dotnet/docs/issues/48201
+---
+
+# DSA removed from macOS
+
+Starting in .NET 11, the Digital Signature Algorithm (DSA) is no longer supported on macOS. This removal only impacts "finite field" DSA. Elliptic Curve DSA (EC-DSA) isn't affected. Attempts to use <xref:System.Security.Cryptography.DSA>, <xref:System.Security.Cryptography.DSACryptoServiceProvider>, or other APIs that interact with DSA throw a <xref:System.PlatformNotSupportedException> on macOS.
+
+## Version introduced
+
+.NET 11 Preview 1
+
+## Previous behavior
+
+Previously, the DSA algorithm and its supporting types, <xref:System.Security.Cryptography.DSA>, <xref:System.Security.Cryptography.DSACryptoServiceProvider>, and X.509 certificates with DSA keys functioned on macOS.
+
+## New behavior
+
+DSA is no longer functional on macOS. Attempts to use <xref:System.Security.Cryptography.DSA>, <xref:System.Security.Cryptography.DSACryptoServiceProvider>, or other APIs that interact with DSA throw a <xref:System.PlatformNotSupportedException>.
+
+## Type of breaking change
+
+This change is a [behavioral change](../../categories.md#behavioral-change).
+
+## Reason for change
+
+.NET on macOS relies on the operating system to provide an implementation of DSA. Apple did this through a now obsolete library called SecurityTransforms, with no replacement. The implementation that Apple did offer was also limited in functionality. It only supported DSA-1024 with SHA-1, which is considered weak. Further, it never supported generating DSA keys.
+
+iOS, tvOS, and MacCatalyst never supported DSA.
+
+## Recommended action
+
+Migrate away from the DSA algorithm and use a modern cryptographic digital signature algorithm such as EC-DSA (Elliptic Curve DSA).
+
+## Affected APIs
+
+* <xref:System.Security.Cryptography.DSA.Create*?displayProperty=nameWithType>
+* [DSACryptoServiceProvider constructors](xref:System.Security.Cryptography.DSACryptoServiceProvider.%23ctor*)
+* <xref:System.Security.Cryptography.X509Certificates.DSACertificateExtensions.GetDSAPrivateKey(System.Security.Cryptography.X509Certificates.X509Certificate2)?displayProperty=nameWithType>
+* <xref:System.Security.Cryptography.X509Certificates.DSACertificateExtensions.GetDSAPublicKey(System.Security.Cryptography.X509Certificates.X509Certificate2)?displayProperty=nameWithType>
+* <xref:System.Security.Cryptography.X509Certificates.DSACertificateExtensions.CopyWithPrivateKey(System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.DSA)?displayProperty=nameWithType>
+
+Additionally, any APIs that interact with DSA keys are affected.
@@ -12,6 +12,10 @@ items:
             items:
               - name: Environment.TickCount made consistent with Windows timeout behavior
                 href: core-libraries/11/environment-tickcount-windows-behavior.md
+          - name: Cryptography
+            items:
+              - name: DSA removed from macOS
+                href: cryptography/11/dsa-removed-macos.md
           - name: Globalization
             items:
               - name: Japanese Calendar minimum supported date corrected

@@ -2,7 +2,7 @@
 title: Unsupported APIs on .NET Core and .NET 5+
 titleSuffix: ""
 description: Learn which .NET APIs always throw an exception on .NET Core and .NET 5 and later versions.
-ms.date: 11/07/2025
+ms.date: 01/08/2026
 ---
 # APIs that always throw exceptions on .NET (Core)
 
@@ -265,6 +265,11 @@ This article organizes the affected APIs by namespace.
 | <xref:System.Security.Cryptography.CspKeyContainerInfo.RandomlyGenerated?displayProperty=nameWithType> | Linux and macOS |
 | <xref:System.Security.Cryptography.CspKeyContainerInfo.Removable?displayProperty=nameWithType> | Linux and macOS |
 | <xref:System.Security.Cryptography.CspKeyContainerInfo.UniqueKeyContainerName?displayProperty=nameWithType> | Linux and macOS |
+| <xref:System.Security.Cryptography.DSA.Create*?displayProperty=nameWithType>\* | macOS |
+| <xref:System.Security.Cryptography.DSACryptoServiceProvider.%23ctor*>\* | macOS |
+| <xref:System.Security.Cryptography.X509Certificates.DSACertificateExtensions.GetDSAPrivateKey(System.Security.Cryptography.X509Certificates.X509Certificate2)?displayProperty=nameWithType>\* | macOS |
+| <xref:System.Security.Cryptography.X509Certificates.DSACertificateExtensions.GetDSAPublicKey(System.Security.Cryptography.X509Certificates.X509Certificate2)?displayProperty=nameWithType>\* | macOS |
+| <xref:System.Security.Cryptography.X509Certificates.DSACertificateExtensions.CopyWithPrivateKey(System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.DSA)?displayProperty=nameWithType>\* | macOS |
 | <xref:System.Security.Cryptography.DSAOpenSsl.%23ctor*> | macOS |
 | <xref:System.Security.Cryptography.ECDiffieHellmanCng.FromXmlString(System.String,System.Security.Cryptography.ECKeyXmlFormat)?displayProperty=nameWithType> | All |
 | <xref:System.Security.Cryptography.ECDiffieHellmanCng.ToXmlString(System.Security.Cryptography.ECKeyXmlFormat)?displayProperty=nameWithType> | All |
@@ -297,6 +302,8 @@ This article organizes the affected APIs by namespace.
 | <xref:System.Security.Cryptography.SymmetricAlgorithm.Create?displayProperty=nameWithType> | All |
 | <xref:System.Security.Cryptography.SymmetricAlgorithm.Create(System.String)?displayProperty=nameWithType> | All |
 
+\* .NET 11 and later versions.
+
 ## System.Security.Cryptography.Pkcs
 
 | Member | Platforms that throw |