From ff85878ea88b62309e2a829826191b3c7d5f9926 Mon Sep 17 00:00:00 2001 
From: Eric Erhardt Date: Tue, 4 Apr 2023 20:46:28 -0500 Subject: [PATCH 1/2] Resolve ILLink warnings in System.Security.Cryptography.Xml Fix #73432 --- .../Microsoft.Extensions.Configuration.Xml.cs | 12 +++ ...rosoft.Extensions.Configuration.Xml.csproj | 4 + ...rosoft.Extensions.Configuration.Xml.csproj | 4 + .../src/XmlConfigurationExtensions.cs | 7 ++ .../src/XmlConfigurationProvider.cs | 2 + .../src/XmlConfigurationSource.cs | 3 + .../src/XmlDocumentDecryptor.cs | 5 ++ .../src/XmlStreamConfigurationProvider.cs | 10 ++- .../src/XmlStreamConfigurationSource.cs | 3 + .../ref/System.Security.Cryptography.Xml.cs | 19 ++++ .../System.Security.Cryptography.Xml.csproj | 4 + .../src/ILLink/ILLink.Suppressions.xml | 89 ------------------- .../src/Resources/Strings.resx | 4 +- .../System.Security.Cryptography.Xml.csproj | 5 ++ .../Security/Cryptography/Xml/CipherData.cs | 1 + .../Cryptography/Xml/CipherReference.cs | 2 + .../Cryptography/Xml/CryptoHelpers.cs | 6 ++ .../Xml/DSASignatureDescription.cs | 8 ++ .../Cryptography/Xml/EncryptedData.cs | 2 + .../Security/Cryptography/Xml/EncryptedKey.cs | 1 + .../Cryptography/Xml/EncryptedReference.cs | 1 + .../Cryptography/Xml/EncryptedType.cs | 1 + .../Security/Cryptography/Xml/EncryptedXml.cs | 8 ++ .../Security/Cryptography/Xml/KeyInfo.cs | 2 + .../Cryptography/Xml/KeyInfoEncryptedKey.cs | 2 + .../Xml/RSAPKCS1SHA1SignatureDescription.cs | 2 + .../Xml/RSAPKCS1SHA256SignatureDescription.cs | 4 + .../Xml/RSAPKCS1SHA384SignatureDescription.cs | 4 + .../Xml/RSAPKCS1SHA512SignatureDescription.cs | 4 + .../Xml/RSAPKCS1SignatureDescription.cs | 11 +++ .../Security/Cryptography/Xml/Reference.cs | 3 + .../Security/Cryptography/Xml/Signature.cs | 2 + .../Security/Cryptography/Xml/SignedInfo.cs | 1 + .../Security/Cryptography/Xml/SignedXml.cs | 13 +++ .../Cryptography/Xml/SignedXmlDebugLog.cs | 3 + .../Cryptography/Xml/TransformChain.cs | 2 + .../Xml/XmlDecryptionTransform.cs | 15 +++- .../Cryptography/Xml/XmlLicenseTransform.cs | 17 ++-- 
38 files changed, 184 insertions(+), 102 deletions(-) delete mode 100644 src/libraries/System.Security.Cryptography.Xml/src/ILLink/ILLink.Suppressions.xml diff --git a/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.cs b/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.cs index 84d26a3faf4eaa..7251f33943a3c5 100644 --- a/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.cs +++ b/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.cs 
@@ -8,21 +8,29 @@ namespace Microsoft.Extensions.Configuration { public static partial class XmlConfigurationExtensions { + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlFile(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, Microsoft.Extensions.FileProviders.IFileProvider? provider, string path, bool optional, bool reloadOnChange) { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlFile(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, System.Action? configureSource) { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlFile(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, string path) { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. 
Ensure the required algorithm implementations are preserved in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlFile(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, string path, bool optional) { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlFile(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, string path, bool optional, bool reloadOnChange) { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlStream(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, System.IO.Stream stream) { throw null; } } } namespace Microsoft.Extensions.Configuration.Xml { + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. 
Ensure the required algorithm implementations are preserved in your application.")] public partial class XmlConfigurationProvider : Microsoft.Extensions.Configuration.FileConfigurationProvider { public XmlConfigurationProvider(Microsoft.Extensions.Configuration.Xml.XmlConfigurationSource source) : base (default(Microsoft.Extensions.Configuration.FileConfigurationSource)) { } public override void Load(System.IO.Stream stream) { } } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public partial class XmlConfigurationSource : Microsoft.Extensions.Configuration.FileConfigurationSource { public XmlConfigurationSource() { } 
@@ -32,16 +40,20 @@ public partial class XmlDocumentDecryptor { public static readonly Microsoft.Extensions.Configuration.Xml.XmlDocumentDecryptor Instance; protected XmlDocumentDecryptor() { } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public System.Xml.XmlReader CreateDecryptingXmlReader(System.IO.Stream input, System.Xml.XmlReaderSettings? settings) { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] [System.Runtime.Versioning.UnsupportedOSPlatform("browser")] protected virtual System.Xml.XmlReader DecryptDocumentAndCreateXmlReader(System.Xml.XmlDocument document) { throw null; } } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. 
Ensure the required algorithm implementations are preserved in your application.")] public partial class XmlStreamConfigurationProvider : Microsoft.Extensions.Configuration.StreamConfigurationProvider { public XmlStreamConfigurationProvider(Microsoft.Extensions.Configuration.Xml.XmlStreamConfigurationSource source) : base (default(Microsoft.Extensions.Configuration.StreamConfigurationSource)) { } public override void Load(System.IO.Stream stream) { } public static System.Collections.Generic.IDictionary Read(System.IO.Stream stream, Microsoft.Extensions.Configuration.Xml.XmlDocumentDecryptor decryptor) { throw null; } } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public partial class XmlStreamConfigurationSource : Microsoft.Extensions.Configuration.StreamConfigurationSource { public XmlStreamConfigurationSource() { } diff --git a/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.csproj b/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.csproj index f9b3e918dfaf99..a47695aed8f875 100644 --- a/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.csproj +++ b/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.csproj @@ -7,6 +7,10 @@ + + + + diff --git a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/Microsoft.Extensions.Configuration.Xml.csproj b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/Microsoft.Extensions.Configuration.Xml.csproj index ebed3438986d4d..52e26e11a402f9 100644 --- a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/Microsoft.Extensions.Configuration.Xml.csproj 
+++ b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/Microsoft.Extensions.Configuration.Xml.csproj @@ -17,6 +17,10 @@ Link="Common\System\ThrowHelper.cs" /> + + + + diff --git a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationExtensions.cs b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationExtensions.cs index e0d1cee1a6c29a..3a132299394ccf 100644 --- a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationExtensions.cs +++ b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationExtensions.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System; +using System.Diagnostics.CodeAnalysis; using System.IO; using Microsoft.Extensions.Configuration.Xml; using Microsoft.Extensions.FileProviders; @@ -20,6 +21,7 @@ public static class XmlConfigurationExtensions /// Path relative to the base path stored in /// of . /// The . + [RequiresUnreferencedCode(XmlDocumentDecryptor.RequiresUnreferencedCodeMessage)] public static IConfigurationBuilder AddXmlFile(this IConfigurationBuilder builder, string path) { return AddXmlFile(builder, provider: null, path: path, optional: false, reloadOnChange: false); @@ -33,6 +35,7 @@ public static IConfigurationBuilder AddXmlFile(this IConfigurationBuilder builde /// of . /// Whether the file is optional. /// The . + [RequiresUnreferencedCode(XmlDocumentDecryptor.RequiresUnreferencedCodeMessage)] public static IConfigurationBuilder AddXmlFile(this IConfigurationBuilder builder, string path, bool optional) { return AddXmlFile(builder, provider: null, path: path, optional: optional, reloadOnChange: false); 
@@ -47,6 +50,7 @@ public static IConfigurationBuilder AddXmlFile(this IConfigurationBuilder builde /// Whether the file is optional. /// Whether the configuration should be reloaded if the file changes. /// The . + [RequiresUnreferencedCode(XmlDocumentDecryptor.RequiresUnreferencedCodeMessage)] public static IConfigurationBuilder AddXmlFile(this IConfigurationBuilder builder, string path, bool optional, bool reloadOnChange) { return AddXmlFile(builder, provider: null, path: path, optional: optional, reloadOnChange: reloadOnChange); @@ -62,6 +66,7 @@ public static IConfigurationBuilder AddXmlFile(this IConfigurationBuilder builde /// Whether the file is optional. /// Whether the configuration should be reloaded if the file changes. /// The . + [RequiresUnreferencedCode(XmlDocumentDecryptor.RequiresUnreferencedCodeMessage)] public static IConfigurationBuilder AddXmlFile(this IConfigurationBuilder builder, IFileProvider? provider, string path, bool optional, bool reloadOnChange) { ThrowHelper.ThrowIfNull(builder); @@ -87,6 +92,7 @@ public static IConfigurationBuilder AddXmlFile(this IConfigurationBuilder builde /// The to add to. /// Configures the source. /// The . + [RequiresUnreferencedCode(XmlDocumentDecryptor.RequiresUnreferencedCodeMessage)] public static IConfigurationBuilder AddXmlFile(this IConfigurationBuilder builder, Action? configureSource) => builder.Add(configureSource); @@ -96,6 +102,7 @@ public static IConfigurationBuilder AddXmlFile(this IConfigurationBuilder builde /// The to add to. /// The to read the XML configuration data from. /// The . + [RequiresUnreferencedCode(XmlDocumentDecryptor.RequiresUnreferencedCodeMessage)] public static IConfigurationBuilder AddXmlStream(this IConfigurationBuilder builder, Stream stream) { ThrowHelper.ThrowIfNull(builder); 
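Review bot: The XML doc comments on the six overloads annotated in this file's hunks (five `AddXmlFile` and `AddXmlStream`) say nothing about the new trimming requirement, so the analyzer message is the only guidance a caller gets. The attribute applies even when the configuration is plain XML, so callers are likely to suppress IL2026 at the call site, and a remark would tell them when that is sound. I would add something like `/// <remarks>Trim-unsafe only when the XML contains encrypted elements; the algorithm implementations named in the payload must then be preserved.</remarks>` to each overload. That the plain-XML path never reaches EncryptedXml is inferred from the message wording ("can use EncryptedXml") and should be confirmed against XmlDocumentDecryptor; the method bodies continue outside these hunks.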
diff --git a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationProvider.cs b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationProvider.cs index bbfa7a32651f1e..6f3f33510f626e 100644 --- a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationProvider.cs +++ b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationProvider.cs @@ -1,6 +1,7 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics.CodeAnalysis; using System.IO; namespace Microsoft.Extensions.Configuration.Xml @@ -8,6 +9,7 @@ namespace Microsoft.Extensions.Configuration.Xml /// /// Represents an XML file as an . /// + [RequiresUnreferencedCode(XmlDocumentDecryptor.RequiresUnreferencedCodeMessage)] public class XmlConfigurationProvider : FileConfigurationProvider { /// diff --git a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationSource.cs b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationSource.cs index 02b01971e1117f..6466b65299a1e2 100644 --- a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationSource.cs +++ b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlConfigurationSource.cs @@ -1,11 +1,14 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics.CodeAnalysis; + namespace Microsoft.Extensions.Configuration.Xml { /// /// An XML file based . /// + [RequiresUnreferencedCode(XmlDocumentDecryptor.RequiresUnreferencedCodeMessage)] public class XmlConfigurationSource : FileConfigurationSource { /// diff --git a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlDocumentDecryptor.cs b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlDocumentDecryptor.cs index 2fe2ce2df91a06..80a2b8a5714e60 100644 
--- a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlDocumentDecryptor.cs +++ b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlDocumentDecryptor.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System; +using System.Diagnostics.CodeAnalysis; using System.IO; using System.Runtime.Versioning; using System.Security.Cryptography.Xml; @@ -14,6 +15,8 @@ namespace Microsoft.Extensions.Configuration.Xml /// public class XmlDocumentDecryptor { + internal const string RequiresUnreferencedCodeMessage = "Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application."; + /// /// Accesses the singleton decryptor instance. /// @@ -53,6 +56,7 @@ private static bool ContainsEncryptedData(XmlDocument document) /// The input to read the XML configuration data from. /// The settings for the new instance. /// An that decrypts data transparently. + [RequiresUnreferencedCode(RequiresUnreferencedCodeMessage)] public XmlReader CreateDecryptingXmlReader(Stream input, XmlReaderSettings? settings) { // XML-based configurations aren't really all that big, so we can buffer @@ -92,6 +96,7 @@ public XmlReader CreateDecryptingXmlReader(Stream input, XmlReaderSettings? sett /// The document. /// An XmlReader which can read the document. [UnsupportedOSPlatform("browser")] + [RequiresUnreferencedCode(RequiresUnreferencedCodeMessage)] protected virtual XmlReader DecryptDocumentAndCreateXmlReader(XmlDocument document) { // Perform the actual decryption step, updating the XmlDocument in-place. diff --git a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlStreamConfigurationProvider.cs b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlStreamConfigurationProvider.cs index e5c9b5e7d69ffb..ba6e98d1f1fc4b 100644 
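Review bot: `DecryptDocumentAndCreateXmlReader` is `protected virtual`, so the `[RequiresUnreferencedCode]` added in the last hunk of this file changes the contract for every subclass. An existing override without a matching attribute will now get an annotation-mismatch warning (IL2046, the same code the deleted suppression file listed). The doc comment on the method should state this, for example `/// Overrides must also be annotated with RequiresUnreferencedCodeAttribute.` The message constant also names the risk (algorithms selected by the XML payload may be trimmed) but not a remedy, and one more sentence pointing to how an application roots those types would make the warning actionable. The method body lies outside the hunk.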
--- a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlStreamConfigurationProvider.cs +++ b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlStreamConfigurationProvider.cs @@ -3,6 +3,7 @@ using System; using System.Collections.Generic; +using System.Diagnostics.CodeAnalysis; using System.Globalization; using System.IO; using System.Text; @@ -13,9 +14,14 @@ namespace Microsoft.Extensions.Configuration.Xml /// /// An XML file based . /// + [RequiresUnreferencedCode(XmlDocumentDecryptor.RequiresUnreferencedCodeMessage)] public class XmlStreamConfigurationProvider : StreamConfigurationProvider { - private const string NameAttributeKey = "Name"; + // work around https://github.com/dotnet/runtime/issues/81864 by splitting this into a separate class. + internal static class Consts + { + internal const string NameAttributeKey = "Name"; + } /// /// Constructor. @@ -227,7 +233,7 @@ private static void ReadAttributes(XmlReader reader, XmlConfigurationElement ele while (reader.MoveToNextAttribute()) { - if (string.Equals(reader.LocalName, NameAttributeKey, StringComparison.OrdinalIgnoreCase)) + if (string.Equals(reader.LocalName, Consts.NameAttributeKey, StringComparison.OrdinalIgnoreCase)) { // If there is a namespace attached to current attribute if (!string.IsNullOrEmpty(reader.NamespaceURI)) diff --git a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlStreamConfigurationSource.cs b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlStreamConfigurationSource.cs index f28672fbd3d956..42bc346caf0ff4 100644 --- a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlStreamConfigurationSource.cs +++ b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlStreamConfigurationSource.cs 
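Review bot: The new nested `Consts` class widens `NameAttributeKey` from `private const` to `internal`, although the only visible use is still `ReadAttributes` in the same class. `private static class Consts` would keep the original accessibility and still move the constant off the annotated type. The workaround comment gives only an issue URL, so it should state the reason in words and mark it removable, e.g. `// A const declared directly on a [RequiresUnreferencedCode] type is flagged by the trimmer (dotnet/runtime#81864); move it back once that is fixed.` The stated cause is my reading of why the constant was moved and should be checked against the issue.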
@@ -1,11 +1,14 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics.CodeAnalysis; + namespace Microsoft.Extensions.Configuration.Xml { /// /// Represents a XML file as an . /// + [RequiresUnreferencedCode(XmlDocumentDecryptor.RequiresUnreferencedCodeMessage)] public class XmlStreamConfigurationSource : StreamConfigurationSource { /// diff --git a/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs b/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs index d53d23b1c55c11..990889f2a9941e 100644 --- a/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs +++ b/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs @@ -16,6 +16,7 @@ public CipherData(System.Security.Cryptography.Xml.CipherReference cipherReferen [System.Diagnostics.CodeAnalysis.DisallowNullAttribute] public byte[]? CipherValue { get { throw null; } set { } } public System.Xml.XmlElement GetXml() { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public void LoadXml(System.Xml.XmlElement value) { } } public sealed partial class CipherReference : System.Security.Cryptography.Xml.EncryptedReference 
@@ -24,6 +25,7 @@ public CipherReference() { } public CipherReference(string uri) { } public CipherReference(string uri, System.Security.Cryptography.Xml.TransformChain transformChain) { } public override System.Xml.XmlElement GetXml() { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public override void LoadXml(System.Xml.XmlElement value) { } } public partial class DataObject @@ -57,6 +59,7 @@ public sealed partial class EncryptedData : System.Security.Cryptography.Xml.Enc { public EncryptedData() { } public override System.Xml.XmlElement GetXml() { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public override void LoadXml(System.Xml.XmlElement value) { } } public sealed partial class EncryptedKey : System.Security.Cryptography.Xml.EncryptedType @@ -69,6 +72,7 @@ public EncryptedKey() { } public void AddReference(System.Security.Cryptography.Xml.DataReference dataReference) { } public void AddReference(System.Security.Cryptography.Xml.KeyReference keyReference) { } public override System.Xml.XmlElement GetXml() { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public override void LoadXml(System.Xml.XmlElement value) { } } public abstract partial class EncryptedReference 
@@ -82,6 +86,7 @@ protected EncryptedReference(string uri, System.Security.Cryptography.Xml.Transf public string Uri { get { throw null; } set { } } public void AddTransform(System.Security.Cryptography.Xml.Transform transform) { } public virtual System.Xml.XmlElement GetXml() { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public virtual void LoadXml(System.Xml.XmlElement value) { } } public abstract partial class EncryptedType @@ -98,6 +103,7 @@ protected EncryptedType() { } public virtual string? Type { get { throw null; } set { } } public void AddProperty(System.Security.Cryptography.Xml.EncryptionProperty ep) { } public abstract System.Xml.XmlElement GetXml(); + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public abstract void LoadXml(System.Xml.XmlElement value); } public partial class EncryptedXml 
@@ -119,8 +125,11 @@ public partial class EncryptedXml public const string XmlEncSHA512Url = "http://www.w3.org/2001/04/xmlenc#sha512"; public const string XmlEncTripleDESKeyWrapUrl = "http://www.w3.org/2001/04/xmlenc#kw-tripledes"; public const string XmlEncTripleDESUrl = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"; + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public EncryptedXml() { } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public EncryptedXml(System.Xml.XmlDocument document) { } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public EncryptedXml(System.Xml.XmlDocument document, System.Security.Policy.Evidence? evidence) { } public System.Security.Policy.Evidence? DocumentEvidence { get { throw null; } set { } } public System.Text.Encoding Encoding { get { throw null; } set { } } 
@@ -210,6 +219,7 @@ public void AddClause(System.Security.Cryptography.Xml.KeyInfoClause clause) { } public System.Collections.IEnumerator GetEnumerator() { throw null; } public System.Collections.IEnumerator GetEnumerator(System.Type requestedObjectType) { throw null; } public System.Xml.XmlElement GetXml() { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public void LoadXml(System.Xml.XmlElement value) { } } public abstract partial class KeyInfoClause @@ -218,6 +228,7 @@ protected KeyInfoClause() { } public abstract System.Xml.XmlElement GetXml(); public abstract void LoadXml(System.Xml.XmlElement element); } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public partial class KeyInfoEncryptedKey : System.Security.Cryptography.Xml.KeyInfoClause { public KeyInfoEncryptedKey() { } @@ -290,6 +301,7 @@ public Reference(string? uri) { } public string? Uri { get { throw null; } set { } } public void AddTransform(System.Security.Cryptography.Xml.Transform transform) { } public System.Xml.XmlElement GetXml() { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public void LoadXml(System.Xml.XmlElement value) { } } public sealed partial class ReferenceList : System.Collections.ICollection, System.Collections.IEnumerable, System.Collections.IList 
@@ -332,8 +344,10 @@ public Signature() { } public System.Security.Cryptography.Xml.SignedInfo? SignedInfo { get { throw null; } set { } } public void AddObject(System.Security.Cryptography.Xml.DataObject dataObject) { } public System.Xml.XmlElement GetXml() { throw null; } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public void LoadXml(System.Xml.XmlElement value) { } } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public partial class SignedInfo : System.Collections.ICollection, System.Collections.IEnumerable { public SignedInfo() { } 
@@ -382,8 +396,11 @@ public partial class SignedXml public const string XmlDsigXPathTransformUrl = "http://www.w3.org/TR/1999/REC-xpath-19991116"; public const string XmlDsigXsltTransformUrl = "http://www.w3.org/TR/1999/REC-xslt-19991116"; public const string XmlLicenseTransformUrl = "urn:mpeg:mpeg21:2003:01-REL-R-NS:licenseTransform"; + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public SignedXml() { } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public SignedXml(System.Xml.XmlDocument document) { } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public SignedXml(System.Xml.XmlElement elem) { } [System.Diagnostics.CodeAnalysis.AllowNullAttribute] public System.Security.Cryptography.Xml.EncryptedXml EncryptedXml { get { throw null; } set { } } @@ -437,6 +454,7 @@ public TransformChain() { } public void Add(System.Security.Cryptography.Xml.Transform transform) { } public System.Collections.IEnumerator GetEnumerator() { throw null; } } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public partial class XmlDecryptionTransform : System.Security.Cryptography.Xml.Transform { public XmlDecryptionTransform() { } 
@@ -535,6 +553,7 @@ public XmlDsigXsltTransform(bool includeComments) { } public override void LoadInnerXml(System.Xml.XmlNodeList nodeList) { } public override void LoadInput(object obj) { } } + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] public partial class XmlLicenseTransform : System.Security.Cryptography.Xml.Transform { public XmlLicenseTransform() { } diff --git a/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.csproj b/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.csproj index 3f56ab3fe34c00..c3d5fa5be5ed3b 100644 --- a/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.csproj +++ b/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.csproj @@ -9,6 +9,10 @@ + + + + diff --git a/src/libraries/System.Security.Cryptography.Xml/src/ILLink/ILLink.Suppressions.xml b/src/libraries/System.Security.Cryptography.Xml/src/ILLink/ILLink.Suppressions.xml deleted file mode 100644 index d1b8e66a585313..00000000000000 --- a/src/libraries/System.Security.Cryptography.Xml/src/ILLink/ILLink.Suppressions.xml +++ /dev/null 
@@ -1,89 +0,0 @@ - - - - - ILLink - IL2026 - member - M:System.Security.Cryptography.Xml.CryptoHelpers.CreateFromName``1(System.String) - - - ILLink - IL2026 - member - M:System.Security.Cryptography.Xml.DSASignatureDescription.CreateDeformatter(System.Security.Cryptography.AsymmetricAlgorithm) - - - ILLink - IL2026 - member - M:System.Security.Cryptography.Xml.DSASignatureDescription.CreateFormatter(System.Security.Cryptography.AsymmetricAlgorithm) - - - ILLink - IL2026 - member - M:System.Security.Cryptography.Xml.RSAPKCS1SignatureDescription.CreateDeformatter(System.Security.Cryptography.AsymmetricAlgorithm) - - - ILLink - IL2026 - member - M:System.Security.Cryptography.Xml.RSAPKCS1SignatureDescription.CreateFormatter(System.Security.Cryptography.AsymmetricAlgorithm) - - - ILLink - IL2026 - member - M:System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(System.Security.Cryptography.AsymmetricAlgorithm) - - - ILLink - IL2026 - member - M:System.Security.Cryptography.Xml.SignedXml.ComputeSignature - - - ILLink - IL2046 - member - M:System.Security.Cryptography.Xml.DSASignatureDescription.CreateDeformatter(System.Security.Cryptography.AsymmetricAlgorithm) - - - ILLink - IL2046 - member - M:System.Security.Cryptography.Xml.DSASignatureDescription.CreateDigest - - - ILLink - IL2046 - member - M:System.Security.Cryptography.Xml.DSASignatureDescription.CreateFormatter(System.Security.Cryptography.AsymmetricAlgorithm) - - - ILLink - IL2046 - member - M:System.Security.Cryptography.Xml.RSAPKCS1SignatureDescription.CreateDeformatter(System.Security.Cryptography.AsymmetricAlgorithm) - - - ILLink - IL2046 - member - M:System.Security.Cryptography.Xml.RSAPKCS1SignatureDescription.CreateDigest - - - ILLink - IL2046 - member - M:System.Security.Cryptography.Xml.RSAPKCS1SignatureDescription.CreateFormatter(System.Security.Cryptography.AsymmetricAlgorithm) - - - ILLink - IL2057 - member - 
M:System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(System.Security.Cryptography.AsymmetricAlgorithm) - - - \ No newline at end of file diff --git a/src/libraries/System.Security.Cryptography.Xml/src/Resources/Strings.resx b/src/libraries/System.Security.Cryptography.Xml/src/Resources/Strings.resx index 88441504b6f1ef..b635c857083454 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/Resources/Strings.resx +++ b/src/libraries/System.Security.Cryptography.Xml/src/Resources/Strings.resx @@ -136,7 +136,7 @@ A Cipher Data element should have either a CipherValue or a CipherReference element. - Could not create hash algorithm object. + Could not create hash algorithm object. If the application has been trimmed, ensure the required algorithm implementations are preserved. Could not create the XML transformation identified by the URI {0}. @@ -184,7 +184,7 @@ Signing key is not loaded. - Symmetric algorithm is not specified. + Symmetric algorithm is not specified. If the application has been trimmed, ensure the required algorithm implementations are preserved. Cipher data is not specified. diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System.Security.Cryptography.Xml.csproj b/src/libraries/System.Security.Cryptography.Xml/src/System.Security.Cryptography.Xml.csproj index bb9788b511908b..907a61907e1668 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System.Security.Cryptography.Xml.csproj +++ b/src/libraries/System.Security.Cryptography.Xml/src/System.Security.Cryptography.Xml.csproj @@ -135,6 +135,11 @@ System.Security.Cryptography.Xml.XmlLicenseTransform Link="Common\System\HexConverter.cs" /> + + + + + diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CipherData.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CipherData.cs index 9b1dfb2d6aa018..17e46abd0dde9c 100644 
--- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CipherData.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CipherData.cs @@ -94,6 +94,7 @@ internal XmlElement GetXml(XmlDocument document) return cipherDataElement; } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public void LoadXml(XmlElement value) { if (value is null) diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CipherReference.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CipherReference.cs index 635d8996e2af25..7e5dd004d8569b 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CipherReference.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CipherReference.cs @@ -1,6 +1,7 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics.CodeAnalysis; using System.Xml; namespace System.Security.Cryptography.Xml @@ -65,6 +66,7 @@ public override XmlElement GetXml() return referenceElement; } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public override void LoadXml(XmlElement value) { if (value is null) diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CryptoHelpers.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CryptoHelpers.cs index 1e602141bcfa6a..f1b9c228d516b7 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CryptoHelpers.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CryptoHelpers.cs 
@@ -1,12 +1,17 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics.CodeAnalysis; + namespace System.Security.Cryptography.Xml { internal static class CryptoHelpers { + internal const string CreateFromNameUnreferencedCodeMessage = "The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application."; + private static readonly char[] _invalidChars = new char[] { ',', '`', '[', '*', '&' }; + [RequiresUnreferencedCode(CreateFromNameUnreferencedCodeMessage)] public static object? CreateFromKnownName(string name) => name switch { @@ -38,6 +43,7 @@ internal static class CryptoHelpers _ => null, }; + [RequiresUnreferencedCode(CreateFromNameUnreferencedCodeMessage)] public static T? CreateFromName(string? name) where T : class { if (name == null || name.IndexOfAny(_invalidChars) >= 0) diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSASignatureDescription.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSASignatureDescription.cs index 2b423e681e0fbc..22b1c4c355a79b 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSASignatureDescription.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSASignatureDescription.cs @@ -17,6 +17,9 @@ public DSASignatureDescription() DigestAlgorithm = "SHA1"; } +#if NETCOREAPP + [RequiresUnreferencedCode("CreateDeformatter is not trim compatible because the algorithm implementation referenced by DeformatterAlgorithm might be removed.")] +#endif public sealed override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key) { var item = (AsymmetricSignatureDeformatter)CryptoConfig.CreateFromName(DeformatterAlgorithm!)!; 
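Review bot: The `!` on `CryptoConfig.CreateFromName(DeformatterAlgorithm!)!` in CreateDeformatter still assumes the lookup succeeds, while the attribute added just above it says the implementation may have been trimmed away. CryptoConfig.CreateFromName returns null when the name does not resolve, so in a trimmed application the first use of `item` (outside this hunk) would presumably fail with a NullReferenceException rather than a cryptographic error that a caller verifying a signature can handle. Consider `var item = (AsymmetricSignatureDeformatter?)CryptoConfig.CreateFromName(DeformatterAlgorithm!) ?? throw new CryptographicException(/* message with the trimming hint */);`, with the same kind of hint this commit adds to Strings.resx. The same pattern appears in CreateFormatter in the next hunk and in both methods of RSAPKCS1SignatureDescription.cs.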
@@ -25,6 +28,9 @@ public sealed override AsymmetricSignatureDeformatter CreateDeformatter(Asymmetr return item; } +#if NETCOREAPP + [RequiresUnreferencedCode("CreateFormatter is not trim compatible because the algorithm implementation referenced by FormatterAlgorithm might be removed.")] +#endif public sealed override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key) { var item = (AsymmetricSignatureFormatter)CryptoConfig.CreateFromName(FormatterAlgorithm!)!; @@ -34,6 +40,8 @@ public sealed override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAl } [SuppressMessage("Microsoft.Security", "CA5350", Justification = "SHA1 needed for compat.")] + [UnconditionalSuppressMessage("ReflectionAnalysis", "IL2046:AnnotationsMustMatchBase", + Justification = "This derived implementation doesn't require unreferenced code, like the base does.")] public sealed override HashAlgorithm CreateDigest() { return SHA1.Create(); diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedData.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedData.cs index 016018883c4348..4ce806457e82eb 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedData.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedData.cs @@ -1,12 +1,14 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics.CodeAnalysis; using System.Xml; namespace System.Security.Cryptography.Xml { public sealed class EncryptedData : EncryptedType { + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public override void LoadXml(XmlElement value) { if (value is null) 
diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedKey.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedKey.cs index 2b3f9e02ac3f6e..c0685f07e67e25 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedKey.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedKey.cs @@ -47,6 +47,7 @@ public void AddReference(KeyReference keyReference) ReferenceList.Add(keyReference); } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public override void LoadXml(XmlElement value) { if (value is null) diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedReference.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedReference.cs index 04d6e3a0d14902..238a9f1055ecf9 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedReference.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedReference.cs @@ -102,6 +102,7 @@ internal XmlElement GetXml(XmlDocument document) return referenceElement; } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public virtual void LoadXml(XmlElement value) { if (value is null) diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedType.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedType.cs index e32f63ec067f5d..31cc71e21738b4 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedType.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedType.cs 
@@ -104,6 +104,7 @@ public virtual CipherData CipherData } } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public abstract void LoadXml(XmlElement value); public abstract XmlElement GetXml(); } diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedXml.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedXml.cs index b056d70dc0dfb9..b60fd2501464c3 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedXml.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedXml.cs @@ -76,10 +76,13 @@ public class EncryptedXml // // public constructors // + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public EncryptedXml() : this(new XmlDocument()) { } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public EncryptedXml(XmlDocument document) : this(document, null) { } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public EncryptedXml(XmlDocument document, Evidence? evidence) { _document = document; @@ -299,6 +302,7 @@ public virtual byte[] GetDecryptionIV(EncryptedData encryptedData, string? symme // default behaviour is to look for keys defined by an EncryptedKey clause // either directly or through a KeyInfoRetrievalMethod, and key names in the key mapping + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] public virtual SymmetricAlgorithm? GetDecryptionKey(EncryptedData encryptedData, string? symmetricAlgorithmUri) { if (encryptedData is null) 
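Review bot: The justification `"ctors are marked as RDC"` on GetDecryptionKey does not name the attribute the constructors actually carry, which is RequiresUnreferencedCode; "RDC" reads as RequiresDynamicCode, which none of the visible hunks add. A suppression hides the warning permanently, so the text should state why it is safe, for example `Justification = "Instances can only be created through constructors annotated with RequiresUnreferencedCode."`. The same string is repeated on the other suppressions in EncryptedXml.cs and SignedXml.cs, including the IL2057 one on CheckSignedInfo, where the reflection pattern being suppressed is outside the hunk and deserves its own explanation. GetDecryptionKey's body continues outside the hunk.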
@@ -386,6 +390,7 @@ public virtual byte[] GetDecryptionIV(EncryptedData encryptedData, string? symme } // Try to decrypt the EncryptedKey given the key mapping + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] public virtual byte[]? DecryptEncryptedKey(EncryptedKey encryptedKey) { if (encryptedKey is null) @@ -531,6 +536,7 @@ public void ClearKeyNameMappings() // Encrypts the given element with the certificate specified. The certificate is added as // an X509Data KeyInfo to an EncryptedKey (AES session key) generated randomly. + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] public EncryptedData Encrypt(XmlElement inputElement, X509Certificate2 certificate) { if (inputElement is null) @@ -575,6 +581,7 @@ public EncryptedData Encrypt(XmlElement inputElement, X509Certificate2 certifica // Encrypts the given element with the key name specified. A corresponding key name mapping // has to be defined before calling this method. The key name is added as // a KeyNameInfo KeyInfo to an EncryptedKey (AES session key) generated randomly. + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] public EncryptedData Encrypt(XmlElement inputElement, string keyName) { if (inputElement is null) @@ -657,6 +664,7 @@ public EncryptedData Encrypt(XmlElement inputElement, string keyName) // decrypts the document using the defined key mapping in GetDecryptionKey // The behaviour of this method can be extended because GetDecryptionKey is virtual // the document is decrypted in place + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] public void DecryptDocument() { // Look for all EncryptedData elements and decrypt them 
diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfo.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfo.cs index 8b4db7b7674664..20e0d6b662f11a 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfo.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfo.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Collections; +using System.Diagnostics.CodeAnalysis; using System.Xml; namespace System.Security.Cryptography.Xml @@ -58,6 +59,7 @@ internal XmlElement GetXml(XmlDocument xmlDocument) return keyInfoElement; } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public void LoadXml(XmlElement value) { if (value is null) diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoEncryptedKey.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoEncryptedKey.cs index 02321596fdb833..ba3e776da06d0e 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoEncryptedKey.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoEncryptedKey.cs @@ -1,10 +1,12 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics.CodeAnalysis; using System.Xml; namespace System.Security.Cryptography.Xml { + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public class KeyInfoEncryptedKey : KeyInfoClause { private EncryptedKey? _encryptedKey; 
diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA1SignatureDescription.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA1SignatureDescription.cs index 82de982f9cd3af..e181cde89608a7 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA1SignatureDescription.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA1SignatureDescription.cs @@ -12,6 +12,8 @@ public RSAPKCS1SHA1SignatureDescription() : base("SHA1") } [SuppressMessage("Microsoft.Security", "CA5350", Justification = "SHA1 needed for compat.")] + [UnconditionalSuppressMessage("ReflectionAnalysis", "IL2046:AnnotationsMustMatchBase", + Justification = "This derived implementation doesn't require unreferenced code, like the base does.")] public sealed override HashAlgorithm CreateDigest() { return SHA1.Create(); diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA256SignatureDescription.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA256SignatureDescription.cs index 21c8967f563b13..08f9620e200c01 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA256SignatureDescription.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA256SignatureDescription.cs @@ -1,6 +1,8 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics.CodeAnalysis; + namespace System.Security.Cryptography.Xml { internal sealed class RSAPKCS1SHA256SignatureDescription : RSAPKCS1SignatureDescription 
@@ -9,6 +11,8 @@ public RSAPKCS1SHA256SignatureDescription() : base("SHA256") { } + [UnconditionalSuppressMessage("ReflectionAnalysis", "IL2046:AnnotationsMustMatchBase", + Justification = "This derived implementation doesn't require unreferenced code, like the base does.")] public sealed override HashAlgorithm CreateDigest() { return SHA256.Create(); diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA384SignatureDescription.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA384SignatureDescription.cs index 9d472c896646ff..92c7a24d6d8d80 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA384SignatureDescription.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA384SignatureDescription.cs @@ -1,6 +1,8 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics.CodeAnalysis; + namespace System.Security.Cryptography.Xml { internal sealed class RSAPKCS1SHA384SignatureDescription : RSAPKCS1SignatureDescription @@ -9,6 +11,8 @@ public RSAPKCS1SHA384SignatureDescription() : base("SHA384") { } + [UnconditionalSuppressMessage("ReflectionAnalysis", "IL2046:AnnotationsMustMatchBase", + Justification = "This derived implementation doesn't require unreferenced code, like the base does.")] public sealed override HashAlgorithm CreateDigest() { return SHA384.Create(); diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA512SignatureDescription.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA512SignatureDescription.cs index 0bc99fcc6c1b6e..3be4740315353a 100644 
--- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA512SignatureDescription.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SHA512SignatureDescription.cs @@ -1,6 +1,8 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics.CodeAnalysis; + namespace System.Security.Cryptography.Xml { internal sealed class RSAPKCS1SHA512SignatureDescription : RSAPKCS1SignatureDescription @@ -9,6 +11,8 @@ public RSAPKCS1SHA512SignatureDescription() : base("SHA512") { } + [UnconditionalSuppressMessage("ReflectionAnalysis", "IL2046:AnnotationsMustMatchBase", + Justification = "This derived implementation doesn't require unreferenced code, like the base does.")] public sealed override HashAlgorithm CreateDigest() { return SHA512.Create(); diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SignatureDescription.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SignatureDescription.cs index 9c48c3172d45fe..6d5a8fd733e03a 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SignatureDescription.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAPKCS1SignatureDescription.cs @@ -1,6 +1,8 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics.CodeAnalysis; + namespace System.Security.Cryptography.Xml { internal abstract class RSAPKCS1SignatureDescription : SignatureDescription 
@@ -13,6 +15,9 @@ public RSAPKCS1SignatureDescription(string hashAlgorithmName) DigestAlgorithm = hashAlgorithmName; } +#if NETCOREAPP + [RequiresUnreferencedCode("CreateDeformatter is not trim compatible because the algorithm implementation referenced by DeformatterAlgorithm might be removed.")] +#endif public sealed override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key) { var item = (AsymmetricSignatureDeformatter)CryptoConfig.CreateFromName(DeformatterAlgorithm!)!; @@ -21,6 +26,9 @@ public sealed override AsymmetricSignatureDeformatter CreateDeformatter(Asymmetr return item; } +#if NETCOREAPP + [RequiresUnreferencedCode("CreateFormatter is not trim compatible because the algorithm implementation referenced by FormatterAlgorithm might be removed.")] +#endif public sealed override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key) { var item = (AsymmetricSignatureFormatter)CryptoConfig.CreateFromName(FormatterAlgorithm!)!; @@ -29,6 +37,9 @@ public sealed override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAl return item; } +#if NETCOREAPP + [RequiresUnreferencedCode("CreateDigest is not trim compatible because the algorithm implementation referenced by DigestAlgorithm might be removed.")] +#endif public abstract override HashAlgorithm CreateDigest(); } } diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Reference.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Reference.cs index 801dae7f9e9022..7ac2b44f4d8eb1 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Reference.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Reference.cs 
@@ -202,6 +202,7 @@ internal XmlElement GetXml(XmlDocument document) return referenceElement; } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public void LoadXml(XmlElement value) { if (value is null) @@ -332,6 +333,7 @@ public void AddTransform(Transform transform) TransformChain.Add(transform); } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] internal void UpdateHashValue(XmlDocument document, CanonicalXmlNodeList refList) { DigestValue = CalculateHashValue(document, refList); @@ -339,6 +341,7 @@ internal void UpdateHashValue(XmlDocument document, CanonicalXmlNodeList refList // What we want to do is pump the input through the TransformChain and then // hash the output of the chain document is the document context for resolving relative references + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] internal byte[]? CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList) { // refList is a list of elements that might be targets of references diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Signature.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Signature.cs index d227ea020a1b3b..a083a9bbccf07f 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Signature.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Signature.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Collections; +using System.Diagnostics.CodeAnalysis; using System.Xml; namespace System.Security.Cryptography.Xml @@ -128,6 +129,7 @@ internal XmlElement GetXml(XmlDocument document) return signatureElement; } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public void LoadXml(XmlElement value) { if (value is null) 
diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedInfo.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedInfo.cs index 8941e4635b62b6..c56bf7e946c78b 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedInfo.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedInfo.cs @@ -7,6 +7,7 @@ namespace System.Security.Cryptography.Xml { + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public class SignedInfo : ICollection { private string? _id; diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs index 8dba99350986c5..50f74d31aa78ec 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs @@ -87,11 +87,13 @@ public class SignedXml // public constructors // + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public SignedXml() { Initialize(null); } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public SignedXml(XmlDocument document) { if (document is null) @@ -102,6 +104,7 @@ public SignedXml(XmlDocument document) Initialize(document.DocumentElement); } + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] public SignedXml(XmlElement elem) { if (elem is null) 
@@ -114,6 +117,7 @@ public SignedXml(XmlElement elem) [MemberNotNull(nameof(m_signature))] [MemberNotNull(nameof(_safeCanonicalizationMethods))] + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] private void Initialize(XmlElement? element) { _containingDocument = element?.OwnerDocument; @@ -173,6 +177,7 @@ public AsymmetricAlgorithm? SigningKey [AllowNull] public EncryptedXml EncryptedXml { + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] get => _exml ??= new EncryptedXml(_containingDocument!); // default processing rules set => _exml = value; } @@ -217,6 +222,7 @@ public XmlElement GetXml() return m_signature.GetXml(); } + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] public void LoadXml(XmlElement value) { if (value is null) @@ -374,6 +380,7 @@ public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnl return true; } + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] public void ComputeSignature() { SignedXmlDebugLog.LogBeginSignatureComputation(this, _context!); @@ -630,6 +637,7 @@ private static bool DefaultSignatureFormatValidator(SignedXml signedXml) // Validation function to see if the current signature is signed with a truncated HMAC - one which // has a signature length of fewer bits than the whole HMAC output. + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] private bool DoesSignatureUseTruncatedHmac() { // If we're not using the SignatureLength property, then we're not truncating the signature length 
@@ -774,6 +782,7 @@ private static IList DefaultSafeTransformMethods } } + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] private byte[] GetC14NDigest(HashAlgorithm hash) { bool isKeyedHashAlgorithm = hash is KeyedHashAlgorithm; @@ -873,6 +882,7 @@ public int Compare(object? a, object? b) } } + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] private void BuildDigestedReferences() { // Default the DigestMethod and Canonicalization @@ -910,6 +920,7 @@ private void BuildDigestedReferences() } } + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] private bool CheckDigestedReferences() { ArrayList references = m_signature.SignedInfo!.References; @@ -998,6 +1009,8 @@ private bool CheckSignatureFormat() return formatValid; } + [UnconditionalSuppressMessage("ILLink", "IL2026:RequiresUnreferencedCode", Justification = "ctors are marked as RDC")] + [UnconditionalSuppressMessage("ILLink", "IL2057:UnrecognizedReflectionPattern", Justification = "ctors are marked as RDC")] private bool CheckSignedInfo(AsymmetricAlgorithm key) { if (key is null) diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXmlDebugLog.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXmlDebugLog.cs index 21eb5a7f6cf6a2..ef75ce05b4f002 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXmlDebugLog.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXmlDebugLog.cs 
@@ -677,6 +677,7 @@ internal static void LogSigning(SignedXml signedXml, KeyedHashAlgorithm key) /// /// SignedXml object driving the signature /// Reference being hashed + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] internal static void LogSigningReference(SignedXml signedXml, Reference reference) { Debug.Assert(signedXml != null, "signedXml != null"); @@ -807,6 +808,7 @@ internal static void LogVerifyReference(SignedXml signedXml, Reference reference /// reference being verified /// actual hash value of the reference /// hash value the signature expected the reference to have + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] internal static void LogVerifyReferenceHash(SignedXml signedXml, Reference reference, byte[]? actualHash, @@ -1025,6 +1027,7 @@ internal static void LogVerifyX509Chain(SignedXml signedXml, X509Chain chain, X5 /// /// SignedXml object verifying the signature /// reference being verified + [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)] internal static void LogSignedXmlRecursionLimit(SignedXml signedXml, Reference reference) { diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/TransformChain.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/TransformChain.cs index 06213c2a457fbc..b6432c6d121a04 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/TransformChain.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/TransformChain.cs @@ -14,6 +14,7 @@ // stream. (We only bother implementing that much now since every use of transform chains in XmlDsig ultimately yields something to hash). using System.Collections; +using System.Diagnostics.CodeAnalysis; using System.IO; using System.Xml; 
@@ -166,6 +167,7 @@ internal XmlElement GetXml(XmlDocument document, string ns) return transformsElement; }
+ [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)]
 internal void LoadXml(XmlElement value) { if (value is null)
diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/XmlDecryptionTransform.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/XmlDecryptionTransform.cs
index e12455290d3626..8b3d94ed388063 100644
--- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/XmlDecryptionTransform.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/XmlDecryptionTransform.cs
@@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Collections;
+using System.Diagnostics.CodeAnalysis;
 using System.IO; using System.Xml;
@@ -10,6 +11,7 @@ namespace System.Security.Cryptography.Xml // XML Decryption Transform is used to specify the order of XML Digital Signature // and XML Encryption when performed on the same document.
+ [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)]
 public class XmlDecryptionTransform : Transform { private readonly Type[] _inputTypes = { typeof(Stream), typeof(XmlDocument) };
@@ -19,7 +21,12 @@ public class XmlDecryptionTransform : Transform private EncryptedXml? _exml; // defines the XML encryption processing rules private XmlDocument? _containingDocument; private XmlNamespaceManager? _nsm;
- private const string XmlDecryptionTransformNamespaceUrl = "http://www.w3.org/2002/07/decrypt#";
+
+ // work around https://github.com/dotnet/runtime/issues/81864 by splitting this into a separate class.
+ internal static class Consts
+ {
+ internal const string XmlDecryptionTransformNamespaceUrl = "http://www.w3.org/2002/07/decrypt#";
+ }
 public XmlDecryptionTransform() {
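Review bot: The workaround in the `@@ -19,7 +21,12 @@` hunk widens `XmlDecryptionTransformNamespaceUrl` from a `private const` to an `internal const` inside `internal static class Consts`, and the XmlLicenseTransform.cs hunk does the same to `ElementIssuer` and `NamespaceUriCore`. Unless another type in the assembly needs these strings or the workaround depends on the wider access, `private static class Consts` keeps the original scope while still moving the constants out of the annotated type. The comment would also serve the next maintainer better if it said what to undo later, for example `// Remove Consts and restore the private const once https://github.com/dotnet/runtime/issues/81864 is fixed.`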
@@ -88,10 +95,10 @@ public override void LoadInnerXml(XmlNodeList nodeList) XmlElement? elem = node as XmlElement; if (elem != null) {
- if (elem.LocalName == "Except" && elem.NamespaceURI == XmlDecryptionTransformNamespaceUrl)
+ if (elem.LocalName == "Except" && elem.NamespaceURI == Consts.XmlDecryptionTransformNamespaceUrl)
 { // the Uri is required
- string? uri = Utils.GetAttribute(elem, "URI", XmlDecryptionTransformNamespaceUrl);
+ string? uri = Utils.GetAttribute(elem, "URI", Consts.XmlDecryptionTransformNamespaceUrl);
 if (uri == null || uri.Length == 0 || uri[0] != '#') throw new CryptographicException(SR.Cryptography_Xml_UriRequired); if (!Utils.VerifyAttributes(elem, "URI"))
@@ -119,7 +126,7 @@ public override void LoadInnerXml(XmlNodeList nodeList) element.SetAttribute("Algorithm", Algorithm); foreach (string uri in ExceptUris) {
- XmlElement exceptUriElement = document.CreateElement("Except", XmlDecryptionTransformNamespaceUrl);
+ XmlElement exceptUriElement = document.CreateElement("Except", Consts.XmlDecryptionTransformNamespaceUrl);
 exceptUriElement.SetAttribute("URI", uri); element.AppendChild(exceptUriElement); }
diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/XmlLicenseTransform.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/XmlLicenseTransform.cs
index ee140b6765f3ba..11ad700cd38ebe 100644
--- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/XmlLicenseTransform.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/XmlLicenseTransform.cs
@@ -1,11 +1,13 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license.
+using System.Diagnostics.CodeAnalysis;
 using System.IO; using System.Xml; namespace System.Security.Cryptography.Xml {
+ [RequiresUnreferencedCode(CryptoHelpers.CreateFromNameUnreferencedCodeMessage)]
 public class XmlLicenseTransform : Transform { private readonly Type[] _inputTypes = { typeof(XmlDocument) };
@@ -13,8 +15,13 @@ public class XmlLicenseTransform : Transform private XmlNamespaceManager? _namespaceManager; private XmlDocument? _license; private IRelDecryptor? _relDecryptor;
- private const string ElementIssuer = "issuer";
- private const string NamespaceUriCore = "urn:mpeg:mpeg21:2003:01-REL-R-NS";
+
+ // work around https://github.com/dotnet/runtime/issues/81864 by splitting these into a separate class.
+ internal static class Consts
+ {
+ internal const string ElementIssuer = "issuer";
+ internal const string NamespaceUriCore = "urn:mpeg:mpeg21:2003:01-REL-R-NS";
+ }
 public XmlLicenseTransform() {
@@ -129,7 +136,7 @@ public override void LoadInput(object obj) _namespaceManager = new XmlNamespaceManager(_license.NameTable); _namespaceManager.AddNamespace("dsig", SignedXml.XmlDsigNamespaceUrl); _namespaceManager.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl);
- _namespaceManager.AddNamespace("r", NamespaceUriCore);
+ _namespaceManager.AddNamespace("r", Consts.NamespaceUriCore);
 XmlElement? currentIssuerContext; XmlElement? currentLicenseContext;
@@ -156,8 +163,8 @@ public override void LoadInput(object obj) if (issuerList[i]! == currentIssuerContext) continue;
- if ((issuerList[i]!.LocalName == ElementIssuer) &&
- (issuerList[i]!.NamespaceURI == NamespaceUriCore))
+ if ((issuerList[i]!.LocalName == Consts.ElementIssuer) &&
+ (issuerList[i]!.NamespaceURI == Consts.NamespaceUriCore))
 issuerList[i]!.ParentNode!.RemoveChild(issuerList[i]!); }
From 3ce5052ed74ab474d83cc31883a8abc2b01787c8 Mon Sep 17 00:00:00 2001 From: Eric Erhardt Date: Wed, 12 Apr 2023 10:31:16 -0500 Subject: [PATCH 2/2] Respond to feedback --- .../Microsoft.Extensions.Configuration.Xml.cs | 24 +++++++++---------- .../src/XmlDocumentDecryptor.cs | 2 +- .../System.Security.Cryptography.Xml.csproj | 8 ++----- .../Cryptography/Xml/CryptoHelpers.cs | 1 + 4 files changed, 16 insertions(+), 19 deletions(-)
diff --git a/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.cs b/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.cs
index ac0f625278eb39..889044c1071661 100644
--- a/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.cs
+++ b/src/libraries/Microsoft.Extensions.Configuration.Xml/ref/Microsoft.Extensions.Configuration.Xml.cs
@@ -9,36 +9,36 @@ namespace Microsoft.Extensions.Configuration public static partial class XmlConfigurationExtensions { [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlFile(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, Microsoft.Extensions.FileProviders.IFileProvider? provider, string path, bool optional, bool reloadOnChange) { throw null; } [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. 
To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlFile(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, System.Action? configureSource) { throw null; } [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlFile(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, string path) { throw null; } [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. 
If you use encrypted XML files, your application might not have the algorithm implementations it needs. To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlFile(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, string path, bool optional) { throw null; } [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlFile(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, string path, bool optional, bool reloadOnChange) { throw null; } [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. 
Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddXmlStream(this Microsoft.Extensions.Configuration.IConfigurationBuilder builder, System.IO.Stream stream) { throw null; } } } namespace Microsoft.Extensions.Configuration.Xml { [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. 
To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] public partial class XmlConfigurationProvider : Microsoft.Extensions.Configuration.FileConfigurationProvider { public XmlConfigurationProvider(Microsoft.Extensions.Configuration.Xml.XmlConfigurationSource source) : base (default(Microsoft.Extensions.Configuration.FileConfigurationSource)) { } public override void Load(System.IO.Stream stream) { } } [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] public partial class XmlConfigurationSource : Microsoft.Extensions.Configuration.FileConfigurationSource { public XmlConfigurationSource() { } 
@@ -49,15 +49,15 @@ public partial class XmlDocumentDecryptor public static readonly Microsoft.Extensions.Configuration.Xml.XmlDocumentDecryptor Instance; protected XmlDocumentDecryptor() { } [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] public System.Xml.XmlReader CreateDecryptingXmlReader(System.IO.Stream input, System.Xml.XmlReaderSettings? settings) { throw null; } [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. 
To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")] protected virtual System.Xml.XmlReader DecryptDocumentAndCreateXmlReader(System.Xml.XmlDocument document) { throw null; } } [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] public partial class XmlStreamConfigurationProvider : Microsoft.Extensions.Configuration.StreamConfigurationProvider { public XmlStreamConfigurationProvider(Microsoft.Extensions.Configuration.Xml.XmlStreamConfigurationSource source) : base (default(Microsoft.Extensions.Configuration.StreamConfigurationSource)) { } 
@@ -65,7 +65,7 @@ public override void Load(System.IO.Stream stream) { } public static System.Collections.Generic.IDictionary Read(System.IO.Stream stream, Microsoft.Extensions.Configuration.Xml.XmlDocumentDecryptor decryptor) { throw null; } } [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code.")] - [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application.")] + [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application.")] public partial class XmlStreamConfigurationSource : Microsoft.Extensions.Configuration.StreamConfigurationSource { public XmlStreamConfigurationSource() { } diff --git a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlDocumentDecryptor.cs b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlDocumentDecryptor.cs index 710dc30b2f771e..51bfb352228a83 100644 --- a/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlDocumentDecryptor.cs +++ b/src/libraries/Microsoft.Extensions.Configuration.Xml/src/XmlDocumentDecryptor.cs 
@@ -16,7 +16,7 @@ namespace Microsoft.Extensions.Configuration.Xml public class XmlDocumentDecryptor { internal const string RequiresDynamicCodeMessage = "Microsoft.Extensions.Configuration.Xml can use EncryptedXml which may contain XSLTs in the xml. XSLTs require dynamic code."; - internal const string RequiresUnreferencedCodeMessage = "Microsoft.Extensions.Configuration.Xml can use EncryptedXml. The algorithm implementations referenced in the XML payload might be removed. Ensure the required algorithm implementations are preserved in your application."; + internal const string RequiresUnreferencedCodeMessage = "Microsoft.Extensions.Configuration.Xml can use EncryptedXml. If you use encrypted XML files, your application might not have the algorithm implementations it needs. To avoid this problem, one option you can use is a DynamicDependency attribute to keep the algorithm implementations in your application."; /// /// Accesses the singleton decryptor instance. diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System.Security.Cryptography.Xml.csproj b/src/libraries/System.Security.Cryptography.Xml/src/System.Security.Cryptography.Xml.csproj index 61cf2305a9f6cb..5aea1a156c97a4 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System.Security.Cryptography.Xml.csproj +++ b/src/libraries/System.Security.Cryptography.Xml/src/System.Security.Cryptography.Xml.csproj @@ -1,4 +1,4 @@ - + $(NetCoreAppCurrent);$(NetCoreAppPrevious);$(NetCoreAppMinimum);netstandard2.0;$(NetFrameworkMinimum) true @@ -138,6 +138,7 @@ System.Security.Cryptography.Xml.XmlLicenseTransform + @@ -145,11 +146,6 @@ System.Security.Cryptography.Xml.XmlLicenseTransform - - - - - diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CryptoHelpers.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CryptoHelpers.cs index 9e79635e93a5e1..6ea4154ca27790 100644 
--- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CryptoHelpers.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CryptoHelpers.cs @@ -79,6 +79,7 @@ private static XmlDsigXsltTransform CreateXmlDsigXsltTransform() } } + [RequiresUnreferencedCode(CreateFromNameUnreferencedCodeMessage)] [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCodeAttribute", Justification = "Only XmlDsigXsltTransform requires dynamic code. This method asserts that T is not a Transform.")] public static T? CreateNonTransformFromName(string? name) where T : class