473,903 Members | 5,218 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Questions on strong names

How do you go about verifying that an assembly with a strong name has
not been tampered with? And how do you verify that it's been signed by a
particular author or vendor?

--
There are 10 kinds of people. Those who understand binary and those who
don't.

http://code.acadx.com
(Pull the pin to reply)
Nov 15 '05 #1
4 1211
> How do you go about verifying that an assembly with a strong name has
not been tampered with?
The .NET fusion engine just won't load the corrupted assembly. I have tried
this myself by altering some bytes in a DLL file on purpose. An exception is
thrown upon an attempt to load such an assembly.
And how do you verify that it's been signed by a particular author or vendor?

By comparing the assembly's public key with the apriori known one of the
author/vendor. There is a better way to do that, but it requires obtaining a
digital signature which is not free and AFAIK requires some paperwork.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Frank Oquendo" <fr*******@acad x.com> wrote in message
news:uZ******** ******@TK2MSFTN GP11.phx.gbl... How do you go about verifying that an assembly with a strong name has
not been tampered with? And how do you verify that it's been signed by a
particular author or vendor?

--
There are 10 kinds of people. Those who understand binary and those who
don't.

http://code.acadx.com
(Pull the pin to reply)


Nov 15 '05 #2
> How do you go about verifying that an assembly with a strong name has
not been tampered with?
The .NET fusion engine just won't load the corrupted assembly. I have tried
this myself by altering some bytes in a DLL file on purpose. An exception is
thrown upon an attempt to load such an assembly.
And how do you verify that it's been signed by a particular author or vendor?

By comparing the assembly's public key with the apriori known one of the
author/vendor. There is a better way to do that, but it requires obtaining a
digital signature which is not free and AFAIK requires some paperwork.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Frank Oquendo" <fr*******@acad x.com> wrote in message
news:uZ******** ******@TK2MSFTN GP11.phx.gbl... How do you go about verifying that an assembly with a strong name has
not been tampered with? And how do you verify that it's been signed by a
particular author or vendor?

--
There are 10 kinds of people. Those who understand binary and those who
don't.

http://code.acadx.com
(Pull the pin to reply)


Nov 15 '05 #3
My understanding is that given a strongly named assembly and the public key,
you can be assured that
- yes, the entity that gave you that key is the one who made this assembly
- and yes, it's the version you think it is (hasn't been tampered with)

What digital signing adds is to say
- yes, the entity that gave you that assembly is XYZ Company.

The digital signing requires a certificate issued by a known trusted source,
like Verisign. Yes it takes $ and paperwork to get one.

"Dmitriy Lapshin [C# / .NET MVP]" <x-****@no-spam-please.hotpop.c om> wrote
in message news:eN******** ******@TK2MSFTN GP10.phx.gbl...
How do you go about verifying that an assembly with a strong name has
not been tampered with?
The .NET fusion engine just won't load the corrupted assembly. I have

tried this myself by altering some bytes in a DLL file on purpose. An exception is thrown upon an attempt to load such an assembly.
And how do you verify that it's been signed by a particular author or vendor?

By comparing the assembly's public key with the apriori known one of the
author/vendor. There is a better way to do that, but it requires obtaining

a digital signature which is not free and AFAIK requires some paperwork.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Frank Oquendo" <fr*******@acad x.com> wrote in message
news:uZ******** ******@TK2MSFTN GP11.phx.gbl...
How do you go about verifying that an assembly with a strong name has
not been tampered with? And how do you verify that it's been signed by a
particular author or vendor?

--
There are 10 kinds of people. Those who understand binary and those who
don't.

http://code.acadx.com
(Pull the pin to reply)

Nov 15 '05 #4
Daniel Billingsley wrote:
My understanding is that given a strongly named assembly and the
public key, you can be assured that
- yes, the entity that gave you that key is the one who made this
assembly


So how do you extract the public key from your signature file? And how
would a client go about using that key to verify the source of the
assembly?

--
There are 10 kinds of people. Those who understand binary and those who
don't.

http://code.acadx.com
(Pull the pin to reply)
Nov 15 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
2271
by: Daniel | last post by:
I'm a newcomer to .Net and am slowly becoming familiar with it, so I have some simple questions. Here's the situation: I created a VB.Net project for my data access layer (DAL), another VB.Net project for my business logic layer (BLL), and am using ASP.Net web forms as the front end. So I want by BLL to reference the DAL and the ASP.Net project to reference the BLL. Questions:
0
1218
by: Mário Sobral | last post by:
Hi, I created an assembly (let's call it assembly (B)) that returns a localized resource for a given key (similar to System.Globalization.ResourceManager). I checks if the caller assembly (let's call it assembly (A)) has a satellite assembly (let's call it assembly (sA)) with localized resources. If it exists, it gets the resource with the given key and returns it, otherwise it reads information from a support database and dinamically...
1
1352
by: Leonardo D'Ippolito | last post by:
Hello sirs, I am trying to understand how strong names work. Suppose I have lib.dll (a .net library), and also MyApplication.exe (a .NET WinApp) . MyApplication uses lib.dll . Suppose someone decompiles lib.dll and replaces code parts, and then recompiles again. When MyApplication.exe will load lib.dll the next time, will it detect that it is a different dll if they have strong names?
0
1283
by: kfkyle | last post by:
We are currently developing our build process for an ASP.NET application. This application will consist of about 8 assemblies in total. Even though these assemblies will be deployed in a private application directory, we are would like to apply strong names to them. If possible, we would like to avoid the need to rebuild any given Assembly if code changes have not occurred. However, a problem I see with this approach has to do with the...
12
2269
by: Ron Bullman | last post by:
Hi, I haven't been able to find proper (commonly agreed) names for the following kinds of methods. Class (static) methods: c1) returns value, doesn't modify the content of its argument(s) and doesn't change the state of class (class accessor?) c2) returns value, doesn't modify the content of its argument(s) and changes the state of class (class mutator?)
3
1312
by: Leonardo D'Ippolito | last post by:
Hello sirs, I am trying to understand how strong names work. Suppose I have lib.dll (a .net library), and also MyApplication.exe (a .NET WinApp) . MyApplication uses lib.dll . Suppose someone decompiles lib.dll and replaces code parts, and then recompiles again. When MyApplication.exe will load lib.dll the next time, will it detect that it is a different dll if they have strong names?
3
1613
by: Mark Keogh | last post by:
Hi, Why is everything some confusng when MS are involved ;-) Anyway, I have my excel export routines working fine, now when I try to build them into my assembly, which has a strong name, I get the Unable to emit assembly: Referenced assembly 'Interop.VBIDE' does not have a strong name message and everything stops. Now I searched the NET and all I can find is
1
1356
by: =?Utf-8?B?T2xkQnV0U3RpbGxMZWFybmluZw==?= | last post by:
I am trying to teach myself how to compile my application at the command line with the csc.exe. I found a good article which steps you through the process, but I have some questions, which I hope someone can elighten me on.... 1. In VS2005, I found an article about how VS2005 is using a new tool called "MSBuild" to do compiles. Does this mean that csc.exe is being replaced and I really should be learning this new tool? 2. Strong...
6
5692
by: raylopez99 | last post by:
Anybody use Strong Name Signing? I think this is used by default for Resource files, which is one reason perhaps I can't get my resource files to work (somehow the public key is messed up, perhaps since I've installed so many versions of Visual Studio) RL http://msdn.microsoft.com/en-us/library/h4fa028b.aspx Deployment in Visual Studio
0
11283
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
10875
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10986
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10501
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9685
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
8049
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
7206
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
6093
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
3
3324
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.