473,805 Members | 1,939 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Assembly Signing

bob
Hello,
I thought assembly signing might add protection against people reverse
engineering my program, removing the protection and using it
illegally.

But it seems they can just stop the clr from authenticating it with Sn
-Vr.

Is that true, or have I misunderstood?

Cheers,

Bob
Nov 16 '05 #1
3 3165
bob <bo**********@h otmail.com> wrote:
I thought assembly signing might add protection against people reverse
engineering my program, removing the protection and using it
illegally.
Nope.
But it seems they can just stop the clr from authenticating it with Sn
-Vr.

Is that true, or have I misunderstood?


Well, more than that - they can just remove the protection and
recompile without bothering with strong-name authentication at all.
Only things which actually care about using the signature of the
assembly would notice the difference.

--
Jon Skeet - <sk***@pobox.co m>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 16 '05 #2
Signing lets you provide your users with a guarantee that the assembly
originated from you. When you're downloading code from the Internet or an
untrusted medium, you want to ensure that the DLL is what it says it is, and
isn't some spyware application.

If you modify the assembly, the signature will no longer be valid because
the checksum has changed.

If you choose not to authenticate then that's up to you: it's there for
people who want to ensure the source of the assembly.

Assembly signing doesn't encrypt the bytecode or make it difficult to
decompile, you want something like an obfuscator to do that.

--
John Wood
EMail: first name, dot, second name at priorganize.com
"bob" <bo**********@h otmail.com> wrote in message
news:b0******** *************** ***@posting.goo gle.com...
Hello,
I thought assembly signing might add protection against people reverse
engineering my program, removing the protection and using it
illegally.

But it seems they can just stop the clr from authenticating it with Sn
-Vr.

Is that true, or have I misunderstood?

Cheers,

Bob

Nov 16 '05 #3
SN will allow you to protect your assembly so no one can
reference your assembly and then start calling methods.
They can only call your methods if you supply them with
your public key.

There is no way you can protect your assembly from
someone decompiling your code. This is because the CLR
needs to understand your code so it can run it (that's
how .NET is designed). You can use tools such as
Dotfuscator Community Edition which allows you to rename
functions and variables which makes it difficult for
someone to understand what your code is doing.

Hope this helps,
-----Original Message-----
Hello,
I thought assembly signing might add protection against people reverseengineering my program, removing the protection and using itillegally.

But it seems they can just stop the clr from authenticating it with Sn-Vr.

Is that true, or have I misunderstood?

Cheers,

Bob
.

Nov 16 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
4
1864
verifying the authentity of an assembly producer with strong naming?
by: Reinhold Schalk | last post by:
Hello, somewhere i've read that using strong names does assure two things: 1. Assure that the content of the assembly is not modified (that's ok in my opinion) 2. Assure that the assembly is really from the "fabricator" (?) If these two point are correct (i'm not sure), i have a problem with point 2. To assure the authentity of the fabricator, the public key (which is a part of the manifest) has to be checked against a certificate.
C# / C Sharp
2
2732
BinaryFormatter.Deserialize after signing of assembly fails
by: Henrik Skak Pedersen | last post by:
Hello, I have a class which is beeing serialized/deserialized using the BinaryFormatter class. That has been working with no problems until I signed all my assemblies. Now I get a SerializationException when I try to Deserialize the class which has been serialized before the signing. So what is best practice in my situation? Do I have to convert all my saved classes or do I write a SerializationBinder to handle it runtime?
C# / C Sharp
2
3595
How can I give an assembly a valid strong name
by: steve bull | last post by:
When I run FXCop(1.32) against my project I keep getting the error "Assemblies should have strong names" and cannot get rid of the message. I edited the assembly info :
C# / C Sharp
1
1679
signing an assembly
by: AVL | last post by:
Hi I need some clarification on signing. what does it mean--signing an assembly? where is ti used? How is it used?
ASP.NET
3
4416
At wits end dealing with "Assembly's manifest does not match assembly reference". Need help understanding the process.
by: Richard Lewis Haggard | last post by:
We are having a lot of trouble with problems relating to failures relating to 'The located assembly's manifest definition with name 'xxx' does not match the assembly reference" but none of us here really understand how this could be an issue. The assemblies that the system is complaining about are ones that we build here and we're not changing version numbers on anything. The errors come and go with no apparent rhyme or reason. We do not...
C# / C Sharp
1
14519
Error While Signing An Assembly...
by: Jason Richmeier | last post by:
I have encountered an error while attempting to sign an assembly. I have become quite frustrated since I seem to be going in circles and making no progress. Hopefully someone will have the magic answer. I am new to this so I will try to describe everything as well as I can. There are probably a number of things that I am doing wrong so I will try to desribe the errors that I am receiving along with things that I have tried and...
.NET Framework
3
17620
Where is System.Reflection.dll assembly?
by: groovyjman21 | last post by:
Hi, I am using FXCop on my c# project and it is complaining about signing the assembly with a strong name key. All the documentation I can find says to do: using System.Reflection; .... namespace Foo Which is fine, except that I need to add a reference in my Project to the System.Reflection.dll assembly and I can't find it. I have .NET
C# / C Sharp
1
1648
Signing an assembly
by: GMiller | last post by:
I'm trying to sign my assembly so that I can use the caspol.exe tool to create a permissions set for it. This is my first experience signing the assembly. In VS 2005 I went to properties->signing, checked the "sign the assemply" box, clicked the "new" option, typed in a name and password. Now when using the command line parameters for the caspol do I simply use the following caspol -machine -addgroup All_Code -pub -file <key...
C# / C Sharp
0
1026
Implications of Signing an Assembly
by: adam3223 | last post by:
I have a mixed code dll which will be used by many developers to build applications on top of. I've read signing an assembly is recommended to rule out any naming conflicts, and increase security. However I believe that signing a dll uses it version number as part of the signing process, the problem being: If i initially released v1.0.0.0 and other developers generated applications using it, if i updated the dll to v1.0.0.1 its...
.NET Framework
0
9716
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
10609
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
10360
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
9185
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
7646
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6876
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5542
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5677
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
2
3845
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us