473,551 Members | 2,797 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

verifying the authentity of an assembly producer with strong naming?

Hello,
somewhere i've read that using strong names does assure two things:
1. Assure that the content of the assembly is not modified (that's ok in my
opinion)
2. Assure that the assembly is really from the "fabricator " (?)

If these two point are correct (i'm not sure), i have a problem with point
2.
To assure the authentity of the fabricator, the public key (which is a part
of the manifest) has to be checked against a certificate.
Is this really done? If yes, who does this? And what about the SN.EXE
Tool - it's possible to generate a lot of keypairs (for testing).
Certainly in a PKI a company would have a public - private key pair an would
probably use delayed signing.
But how can a client computer really check, whether the installed assembly
is really from this company (checking the public key).
I'm a little bit confused.

Perhaps someone can help me.
Thank in advance.
Reinhold
Nov 15 '05 #1
4 1851

"Reinhold Schalk" <Re*******@gmx. de> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. ..
Hello,
somewhere i've read that using strong names does assure two things:
1. Assure that the content of the assembly is not modified (that's ok in my opinion)
2. Assure that the assembly is really from the "fabricator " (?)

If these two point are correct (i'm not sure), i have a problem with point
2.
To assure the authentity of the fabricator, the public key (which is a part of the manifest) has to be checked against a certificate.
Is this really done? If yes, who does this? And what about the SN.EXE
Tool - it's possible to generate a lot of keypairs (for testing).
Certainly in a PKI a company would have a public - private key pair an would probably use delayed signing.
But how can a client computer really check, whether the installed assembly
is really from this company (checking the public key).
I'm a little bit confused.
Well, basically, an assembly that is linked against a signed assembly has a
reference to the public key token of the signed assembly(its part of the
full type name), so it can verify that that assembly is, indeed, the
assembly that it is supposed to link to. It also wouldn't be impossible for
a tool\class to be written that can check against a published key on the
producers server. You could, for example, have a loader class that will only
load assemblies signed with a set of keys that are under administrative
control, or you can apply permissions based on public key.

The verification can be circumvented, of course, completly removing all
signing from all assemblies is one way, possibly resigning them. Signed code
basically allows untampered with code to verify that the called assembly
hasn't been tampered with as well as allowing endusers a way to verify that
they have an assembly that was signed with a specific companys private key.
There isn't much more of a benifit than that, that I can think of anyway.

I don't understand what the questino about SN is, could you clarify it a
bit?
Perhaps someone can help me.
Thank in advance.
Reinhold

Nov 15 '05 #2
Hello Daniel,
thanks for your reply.
Yes, indeed i do also think, that the primary benefit of strong named
assembly from the endusers point of view is, to know exactly that the
assembly is untampered (not modified).
And if i have understood everthing right, there is no way of "automatica lly"
checking the public key against a certificate, that means really verifying
that the assembly is really from a specific company (Company X delivers a
strong named assembly and says it's from them (does contain their public
key)).
You are right - perhaps one could write a custom loader class who does this
verification, but that's not the way one would like to go...

Concerning SN-Tool i do not have a question. I have justed mentioned it, if
there would have been a way to verifiy the public key, how would this be
accomplished using the public key generated from SN.EXE.

Again thanks for your reply
Reinhold

"Daniel O'Connell" <onyxkirx@--NOSPAM--comcast.net> schrieb im Newsbeitrag
news:HdNkb.6002 75$cF.264585@rw crnsc53...

"Reinhold Schalk" <Re*******@gmx. de> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. ..
Hello,
somewhere i've read that using strong names does assure two things:
1. Assure that the content of the assembly is not modified (that's ok in my
opinion)
2. Assure that the assembly is really from the "fabricator " (?)

If these two point are correct (i'm not sure), i have a problem with point 2.
To assure the authentity of the fabricator, the public key (which is a

part
of the manifest) has to be checked against a certificate.
Is this really done? If yes, who does this? And what about the SN.EXE
Tool - it's possible to generate a lot of keypairs (for testing).
Certainly in a PKI a company would have a public - private key pair an

would
probably use delayed signing.
But how can a client computer really check, whether the installed assembly is really from this company (checking the public key).
I'm a little bit confused.


Well, basically, an assembly that is linked against a signed assembly has

a reference to the public key token of the signed assembly(its part of the
full type name), so it can verify that that assembly is, indeed, the
assembly that it is supposed to link to. It also wouldn't be impossible for a tool\class to be written that can check against a published key on the
producers server. You could, for example, have a loader class that will only load assemblies signed with a set of keys that are under administrative
control, or you can apply permissions based on public key.

The verification can be circumvented, of course, completly removing all
signing from all assemblies is one way, possibly resigning them. Signed code basically allows untampered with code to verify that the called assembly
hasn't been tampered with as well as allowing endusers a way to verify that they have an assembly that was signed with a specific companys private key. There isn't much more of a benifit than that, that I can think of anyway.

I don't understand what the questino about SN is, could you clarify it a
bit?

Perhaps someone can help me.
Thank in advance.
Reinhold


Nov 15 '05 #3

"Reinhold Schalk" <Re*******@gmx. de> wrote in message
news:u3******** ********@TK2MSF TNGP10.phx.gbl. ..
Hello Daniel,
thanks for your reply.
Yes, indeed i do also think, that the primary benefit of strong named
assembly from the endusers point of view is, to know exactly that the
assembly is untampered (not modified).
And if i have understood everthing right, there is no way of "automatica lly" checking the public key against a certificate, that means really verifying
that the assembly is really from a specific company (Company X delivers a
strong named assembly and says it's from them (does contain their public
key)).
You are right - perhaps one could write a custom loader class who does this verification, but that's not the way one would like to go...

Concerning SN-Tool i do not have a question. I have justed mentioned it, if there would have been a way to verifiy the public key, how would this be
accomplished using the public key generated from SN.EXE.

Well, you could publish the public key and write a tool that does the
verification, I'm kind of surprised that sn doesn't have a parameter
(atleast that I can find) that will verify an assembly against a given
public key, asit stands you'd basically need to dump the signed key and the
public key from a keypair\public key file and manually compare them...that
is kind of strange.

basically, use sn -p myKey.snk mypublicKey.snk or whatever file names you'd
use, then distribute mypublicKey.snk in a manner that end users could get at
it to verify that the assembly is properly signed.

But, this is pretty much the end of my knowledge. Hopefully someone who is
more knowledgable about the inner workings of signing will reply with more
information.
Again thanks for your reply
Reinhold

"Daniel O'Connell" <onyxkirx@--NOSPAM--comcast.net> schrieb im Newsbeitrag
news:HdNkb.6002 75$cF.264585@rw crnsc53...

"Reinhold Schalk" <Re*******@gmx. de> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. ..
Hello,
somewhere i've read that using strong names does assure two things:
1. Assure that the content of the assembly is not modified (that's ok
in
my
opinion)
2. Assure that the assembly is really from the "fabricator " (?)

If these two point are correct (i'm not sure), i have a problem with point 2.
To assure the authentity of the fabricator, the public key (which is a part
of the manifest) has to be checked against a certificate.
Is this really done? If yes, who does this? And what about the SN.EXE
Tool - it's possible to generate a lot of keypairs (for testing).
Certainly in a PKI a company would have a public - private key pair an

would
probably use delayed signing.
But how can a client computer really check, whether the installed assembly is really from this company (checking the public key).
I'm a little bit confused.


Well, basically, an assembly that is linked against a signed assembly

has a
reference to the public key token of the signed assembly(its part of the
full type name), so it can verify that that assembly is, indeed, the
assembly that it is supposed to link to. It also wouldn't be impossible

for
a tool\class to be written that can check against a published key on the
producers server. You could, for example, have a loader class that will

only
load assemblies signed with a set of keys that are under administrative
control, or you can apply permissions based on public key.

The verification can be circumvented, of course, completly removing all
signing from all assemblies is one way, possibly resigning them. Signed

code
basically allows untampered with code to verify that the called assembly
hasn't been tampered with as well as allowing endusers a way to verify

that
they have an assembly that was signed with a specific companys private

key.
There isn't much more of a benifit than that, that I can think of

anyway.
I don't understand what the questino about SN is, could you clarify it a
bit?

Perhaps someone can help me.
Thank in advance.
Reinhold



Nov 15 '05 #4
The public key is enough to indicate that the assembly is really from the
"fabricator ", but it does not at all indicate who the fabricator is.
Basically it is imply there the assist in generating a unique name for each
assembly, and to prevent impersonation. If you want to establish identity
or trust relationships with the fabricator, you would have to rely on
classic signing methods like Authenticode.

As far as validating the public key, it is quite easy. "sn.exe -vf
assembly.dll" Will validate the signature. I'm not good with crypto stuff,
but it's using simple public-private key encryption such that anybody with
the public key can decrypt, but only those with the private key can encrypt.
Thus everybody can validate the signature, but only the fabricator can
create the signature. And just like PGP, you still need some other means of
establishing who the "fabricator " really is.

--
--Grant
This posting is provided "AS IS" with no warranties, and confers no rights.
Nov 15 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
2529
by: Tony Jones | last post by:
I have a third party assembly that I need to strong name because the C# project I'm referencing it in will be strong named. Every time I compile my project I'm getting "Assembly generation failed -- Referenced assembly 'xxxxx' does not have a strong name". The referenced assembly is a .NET assembly that does not have a strong name. It...
10
2666
by: Tony Jones | last post by:
Can anyone think of a reason why a 3rd party vendor writing .NET components would NOT strong name their assemblies? What harm does adding a strong-name to assembly present - I would think none whatsoever. Strong-naming the assembly should benefit the end user just in case he/she wants to reference the assembly in another strong-named...
2
2173
by: Thomas W. Brown | last post by:
If I am using the CSharpCodeProvider to dynamically compile an in-memory assembly from some C# source, do I need to worry about signing this assembly if I'm doing the compilation, instantiation, and invocation of a dynamic object from a strongly named assembly? If so, how do you strongly name a dynamic, in-memory assembly?
6
1645
by: Manuel Lopez | last post by:
Hello, I have a Web Project (UserControls.dll) with some user controls that is shared by many asp.net web applicattions. What we do is copy UserControls.dll to all the applications bin folders an this works correctly. We want to have this shared code in the GAC.
2
1344
by: SStory | last post by:
How can I strong name my assembly if it references 3rd part non-strong named dlls? I just want my part strong named--I don't care about their part. Thanks, Shane
3
1998
by: John | last post by:
Hi I have a class project which generates a dll which I would like to install in the gac. When I build the project, I get the following error; Unable to build assembly XXX into the Global Assembly Cache; the assembly is not strongly named. What do I need to do to get the assembly strongly named?
7
1688
by: Bruce Wood | last post by:
I still haven't gotten through the .NET Framework Security tome on my desk. Maybe the folks here can answer a burning question. I want to use strong naming at our organization as a security measure: we could then indicate that any assemblies we signed are fully trusted, and so deploy centrally rather than having to deploy on each server. ...
6
4055
by: dm1608 | last post by:
I'm relatively new to ASP.NET 2.0 and am struggling with trying to find the best naming convention for the BAL and DAL objects within my database. Does anyone have any recommendations or best practices for naming my objects? I currently have all my type classses simply called "JobSummaryClass" or "JobDetailsClass". These classes simply...
0
1113
by: John Liu | last post by:
Recently I had to do some really nasty work (I consider any IL work nasty) to get a set of (not strong named) 3rd party assemblies to compile with our solution (which is strong named). DISCLAIMER: We've notified the 3rd party and a strong named version will be provided in the next release, but in the mean time for our internal development...
0
7565
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7768
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
8002
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7522
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
6106
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
0
5130
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3534
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3520
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1981
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.