
Verifying the authenticity of an assembly producer with strong naming?

Hello,
somewhere I've read that using strong names does assure two things:
1. Assure that the content of the assembly is not modified (that's OK in my opinion)
2. Assure that the assembly is really from the "fabricator" (?)

If these two points are correct (I'm not sure), I have a problem with point 2.
To assure the authenticity of the fabricator, the public key (which is a part of the manifest) has to be checked against a certificate.
Is this really done? If yes, who does this? And what about the SN.EXE tool - it's possible to generate a lot of key pairs (for testing).
Certainly in a PKI a company would have a public-private key pair and would probably use delayed signing.
But how can a client computer really check whether the installed assembly is really from this company (checking the public key)?
I'm a little bit confused.

Perhaps someone can help me.
Thanks in advance.
Reinhold
Nov 15 '05 #1

"Reinhold Schalk" <Re*******@gmx.de> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
> Hello,
> somewhere I've read that using strong names does assure two things:
> 1. Assure that the content of the assembly is not modified (that's OK in my opinion)
> 2. Assure that the assembly is really from the "fabricator" (?)
>
> If these two points are correct (I'm not sure), I have a problem with point 2.
> To assure the authenticity of the fabricator, the public key (which is a part of the manifest) has to be checked against a certificate.
> Is this really done? If yes, who does this? And what about the SN.EXE tool - it's possible to generate a lot of key pairs (for testing).
> Certainly in a PKI a company would have a public-private key pair and would probably use delayed signing.
> But how can a client computer really check whether the installed assembly is really from this company (checking the public key)?
> I'm a little bit confused.

Well, basically, an assembly that is linked against a signed assembly has a reference to the public key token of the signed assembly (it's part of the full type name), so it can verify that that assembly is, indeed, the assembly that it is supposed to link to. It also wouldn't be impossible for a tool\class to be written that can check against a published key on the producer's server. You could, for example, have a loader class that will only load assemblies signed with a set of keys that are under administrative control, or you can apply permissions based on public key.

The verification can be circumvented, of course; completely removing all signing from all assemblies is one way, possibly re-signing them. Signed code basically allows untampered-with code to verify that the called assembly hasn't been tampered with, as well as allowing end users a way to verify that they have an assembly that was signed with a specific company's private key. There isn't much more of a benefit than that, that I can think of anyway.

I don't understand what the question about SN is, could you clarify it a bit?

> Perhaps someone can help me.
> Thanks in advance.
> Reinhold

Nov 15 '05 #2
Hello Daniel,
thanks for your reply.
Yes, indeed I do also think that the primary benefit of a strong-named assembly from the end user's point of view is to know exactly that the assembly is untampered (not modified).
And if I have understood everything right, there is no way of "automatically" checking the public key against a certificate, that means really verifying that the assembly is really from a specific company (Company X delivers a strong-named assembly and says it's from them (does contain their public key)).
You are right - perhaps one could write a custom loader class which does this verification, but that's not the way one would like to go...

Concerning the SN tool I do not have a question. I have just mentioned it, if there would have been a way to verify the public key, how would this be accomplished using the public key generated from SN.EXE.

Again thanks for your reply
Reinhold

"Daniel O'Connell" <onyxkirx@--NOSPAM--comcast.net> wrote in message
news:HdNkb.600275$cF.264585@rwcrnsc53...
>
> "Reinhold Schalk" <Re*******@gmx.de> wrote in message
> news:%2****************@TK2MSFTNGP12.phx.gbl...
>> Hello,
>> somewhere I've read that using strong names does assure two things:
>> 1. Assure that the content of the assembly is not modified (that's OK in my opinion)
>> 2. Assure that the assembly is really from the "fabricator" (?)
>>
>> If these two points are correct (I'm not sure), I have a problem with point 2.
>> To assure the authenticity of the fabricator, the public key (which is a part of the manifest) has to be checked against a certificate.
>> Is this really done? If yes, who does this? And what about the SN.EXE tool - it's possible to generate a lot of key pairs (for testing).
>> Certainly in a PKI a company would have a public-private key pair and would probably use delayed signing.
>> But how can a client computer really check whether the installed assembly is really from this company (checking the public key)?
>> I'm a little bit confused.
>
> Well, basically, an assembly that is linked against a signed assembly has a reference to the public key token of the signed assembly (it's part of the full type name), so it can verify that that assembly is, indeed, the assembly that it is supposed to link to. It also wouldn't be impossible for a tool\class to be written that can check against a published key on the producer's server. You could, for example, have a loader class that will only load assemblies signed with a set of keys that are under administrative control, or you can apply permissions based on public key.
>
> The verification can be circumvented, of course; completely removing all signing from all assemblies is one way, possibly re-signing them. Signed code basically allows untampered-with code to verify that the called assembly hasn't been tampered with, as well as allowing end users a way to verify that they have an assembly that was signed with a specific company's private key. There isn't much more of a benefit than that, that I can think of anyway.
>
> I don't understand what the question about SN is, could you clarify it a bit?
>
>> Perhaps someone can help me.
>> Thanks in advance.
>> Reinhold

Nov 15 '05 #3

"Reinhold Schalk" <Re*******@gmx.de> wrote in message
news:u3****************@TK2MSFTNGP10.phx.gbl...
> Hello Daniel,
> thanks for your reply.
> Yes, indeed I do also think that the primary benefit of a strong-named assembly from the end user's point of view is to know exactly that the assembly is untampered (not modified).
> And if I have understood everything right, there is no way of "automatically" checking the public key against a certificate, that means really verifying that the assembly is really from a specific company (Company X delivers a strong-named assembly and says it's from them (does contain their public key)).
> You are right - perhaps one could write a custom loader class which does this verification, but that's not the way one would like to go...
>
> Concerning the SN tool I do not have a question. I have just mentioned it, if there would have been a way to verify the public key, how would this be accomplished using the public key generated from SN.EXE.

Well, you could publish the public key and write a tool that does the verification. I'm kind of surprised that sn doesn't have a parameter (at least that I can find) that will verify an assembly against a given public key; as it stands you'd basically need to dump the signed key and the public key from a keypair\public key file and manually compare them...that is kind of strange.

Basically, use sn -p myKey.snk mypublicKey.snk or whatever file names you'd use, then distribute mypublicKey.snk in a manner that end users could get at it to verify that the assembly is properly signed.

But this is pretty much the end of my knowledge. Hopefully someone who is more knowledgeable about the inner workings of signing will reply with more information.

Nov 15 '05 #4
The public key is enough to indicate that the assembly is really from the "fabricator", but it does not at all indicate who the fabricator is. Basically it is simply there to assist in generating a unique name for each assembly, and to prevent impersonation. If you want to establish identity or trust relationships with the fabricator, you would have to rely on classic signing methods like Authenticode.

As far as validating the public key, it is quite easy. "sn.exe -vf assembly.dll" will validate the signature. I'm not good with crypto stuff, but it's using simple public-private key encryption such that anybody with the public key can decrypt, but only those with the private key can encrypt. Thus everybody can validate the signature, but only the fabricator can create the signature. And just like PGP, you still need some other means of establishing who the "fabricator" really is.

--
--Grant
This posting is provided "AS IS" with no warranties, and confers no rights.
Nov 15 '05 #5
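
The manual key comparison Daniel describes in reply #4, combined with Grant's point in reply #5 that identity needs a separate anchor, as an added example (not code from the thread or from Microsoft). It assumes the standard strong-name public key blob layout and token derivation; the function names and both sample keys are constructed for illustration. In practice the two inputs would be the key file the publisher distributes (`sn -p`) and the key extracted from the assembly under test (`sn -e assembly.dll extracted.snk`).

```python
import hashlib
import hmac
import struct

# Strong-name public key blob (the bytes `sn -p` / `sn -e` write to disk):
# SigAlgID, HashAlgID, cbPublicKey (3 x uint32 LE), then a CryptoAPI
# PUBLICKEYBLOB: BLOBHEADER (8 bytes), "RSA1", bit length, exponent, modulus.
CALG_RSA_SIGN, CALG_SHA1 = 0x2400, 0x8004

def parse_public_key_blob(blob: bytes) -> dict:
    """Validate the blob structure; raise ValueError if it is malformed."""
    if len(blob) < 32:
        raise ValueError("blob too short")
    sig_alg, hash_alg, cb_key = struct.unpack_from("<III", blob, 0)
    b_type, _version, _reserved, _key_alg = struct.unpack_from("<BBHI", blob, 12)
    magic, bit_len, exponent = struct.unpack_from("<4sII", blob, 20)
    if cb_key != len(blob) - 12:
        raise ValueError("cbPublicKey does not match blob length")
    if b_type != 0x06 or magic != b"RSA1":
        raise ValueError("not an RSA PUBLICKEYBLOB")
    if len(blob) - 32 != bit_len // 8:
        raise ValueError("modulus length does not match bit length")
    return {"sig_alg": sig_alg, "hash_alg": hash_alg,
            "bits": bit_len, "exponent": exponent}

def public_key_token(blob: bytes) -> str:
    """Token = last 8 bytes of SHA-1(public key blob), byte-reversed, as hex."""
    return hashlib.sha1(blob).digest()[-8:][::-1].hex()

def is_from_pinned_publisher(assembly_key: bytes, pinned_key: bytes) -> bool:
    """Compare the full key (not the 64-bit token) with the out-of-band copy."""
    parse_public_key_blob(assembly_key)
    parse_public_key_blob(pinned_key)
    return hmac.compare_digest(assembly_key, pinned_key)

def make_constructed_blob(modulus: bytes) -> bytes:
    """Build a well-formed blob around a constructed (not real) modulus."""
    key = struct.pack("<BBHI4sII", 0x06, 0x02, 0, CALG_RSA_SIGN, b"RSA1",
                      len(modulus) * 8, 65537) + modulus
    return struct.pack("<III", CALG_RSA_SIGN, CALG_SHA1, len(key)) + key

# Constructed sample data: the publisher's key, and an unrelated key of the
# kind anyone can create with `sn -k`. Both are structurally valid.
PUBLISHER_KEY = make_constructed_blob(bytes(range(128)))
OTHER_KEY = make_constructed_blob(bytes(reversed(range(128))))

if __name__ == "__main__":
    for name, key in (("publisher", PUBLISHER_KEY), ("other", OTHER_KEY)):
        print(name, public_key_token(key),
              is_from_pinned_publisher(key, PUBLISHER_KEY))
```

A match says only that the embedded key is the publisher's; `sn.exe -vf assembly.dll` is still what confirms that the signature over the file was made with that key.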
