473,322 Members | 1,781 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Strong names question ..

Hello sirs,

I am trying to understand how strong names work.

Suppose I have lib.dll (a .net library), and also MyApplication.exe (a .NET
WinApp) . MyApplication uses lib.dll . Suppose someone decompiles lib.dll
and replaces code parts, and then recompiles again. When MyApplication.exe
will load lib.dll the next time, will it detect that it is a different dll
if they have strong names?

How can I implement this procedure? If someone can give me an example I
would appreciate!

Thanks a lot!
Nov 16 '05 #1
3 1289
Leonardo,

If the hashvalue will be the same, the utilizing program may not
distringuish. Typically the hash value will not be the same, but if their
objective is to get the same hashvalue it's feasible. You could take
advantage of an Authenticode certificate as well.
Best regards,

Henrik Dahl

"Leonardo D'Ippolito" <le**********@terra.com.br> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
Hello sirs,

I am trying to understand how strong names work.

Suppose I have lib.dll (a .net library), and also MyApplication.exe (a ..NET WinApp) . MyApplication uses lib.dll . Suppose someone decompiles lib.dll
and replaces code parts, and then recompiles again. When MyApplication.exe
will load lib.dll the next time, will it detect that it is a different dll
if they have strong names?

How can I implement this procedure? If someone can give me an example I
would appreciate!

Thanks a lot!

Nov 16 '05 #2
hi
The combination of hashing and digital signing allows .NET to protect your
assemblies from tampering. Here's how it works. First, a hash value is
created from the assembly. Then, the hash value is encrypted with your
private key and placed, along with your public key, in the assembly itself.

The CLR validates assemblies at runtime by comparing two sets of hash
values. First, the public key is used to decrypt the encoded version of the
hash. Second, a new hash is computed from the current contents of the
assembly. If the two hashes match, all is well

What happens if an assembly has been tampered with after it was signed? In
this case, the new hash value calculated at runtime won't match the stored
hash value that was encrypted with your private key. Under those
circumstances, the CLR will refuse to load the assembly.

regards
Ansil

Dimensions
Technopark
Trivandrum
an****@gmail.com

"Leonardo D'Ippolito" wrote:
Hello sirs,

I am trying to understand how strong names work.

Suppose I have lib.dll (a .net library), and also MyApplication.exe (a .NET
WinApp) . MyApplication uses lib.dll . Suppose someone decompiles lib.dll
and replaces code parts, and then recompiles again. When MyApplication.exe
will load lib.dll the next time, will it detect that it is a different dll
if they have strong names?

How can I implement this procedure? If someone can give me an example I
would appreciate!

Thanks a lot!

Nov 16 '05 #3
Strong naming an assembly uses public/private key cryptography. So this involves two keys that are mathematically related but not derivable from eachother. Anything encrypted with one can be decrypted with the other. The idea is that one of these keys is in the public domain, the other you keep secret (the private one). When two people generate a key pair (using the strong name utility sn.exe) the key pairs they generate will be different - including the public keys.

When you sign an assembly with a key pair thet compiler put the public key oin the assembly manifest - this gives the assembly a unique name. It also calculates a hash of the file (using the algorithm that will be identified by the HashAlgortihm entry in the assembly manifest) and encrypts this with the private key. This encrypted signature is stored in the assembly as well.

When you build against a string named assembly, a hash of the public key of that assembly (the PublicKeyToken) is put in the applications manifest in an external assembly reference. Now when the app;ication runs, at some point the JIT compiler compiles a type in that assembly. When it does so it needs to locate the assembly that houses the type and so the Assembly Resolver kicks in. This pushes the assembly name and configuration information to specifiy a physical localtion from which to load the assembly.

The Assembly Loader then loads the assembly. It notices that it has a strong name - the public key is in the manifest remember. So it decrypts the signature with the public key and rehashes the assembly if the decrypted hash and the one just calculated match then the assembly hasn't been tampered with, if they differ then it does.

One caveat: the above description does not take account of various other things that may have been done to try to get around this mechanism which we can discuss if you want to go deeper.

Regards

Richard Blewett - DevelopMentor
http://www.dotnetconsult.co.uk/weblog
http://www.dotnetconsult.co.uk

Hello sirs,

I am trying to understand how strong names work.

Suppose I have lib.dll (a .net library), and also MyApplication.exe (a .NET
WinApp) . MyApplication uses lib.dll . Suppose someone decompiles lib.dll
and replaces code parts, and then recompiles again. When MyApplication.exe
will load lib.dll the next time, will it detect that it is a different dll
if they have strong names?

How can I implement this procedure? If someone can give me an example I
would appreciate!

Thanks a lot!

Nov 16 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

94
by: Gabriel Zachmann | last post by:
Is it correct to say that strong/weak typing does not make a difference if one does not use any pointers (or adress-taking operator)? More concretely, I am thinking particularly of Python vs C++....
129
by: Torbjørn Pettersen | last post by:
I've started cleaning up my HTML and implementing CSS. So far I've used FrontPage, but am switching over to DreamWeaver. Reading a bit on W3Schools.com and W3.org I see there are a lot of HTML...
2
by: Freeon | last post by:
Hi, I am looking for a way to sort a strong typed dataset. It would seem the most straightforward way is to use a dataview. The only problem is when I use the dataview I seem to loose the strong...
0
by: Mário Sobral | last post by:
Hi, I created an assembly (let's call it assembly (B)) that returns a localized resource for a given key (similar to System.Globalization.ResourceManager). I checks if the caller assembly (let's...
1
by: Leonardo D'Ippolito | last post by:
Hello sirs, I am trying to understand how strong names work. Suppose I have lib.dll (a .net library), and also MyApplication.exe (a .NET WinApp) . MyApplication uses lib.dll . Suppose someone...
0
by: kfkyle | last post by:
We are currently developing our build process for an ASP.NET application. This application will consist of about 8 assemblies in total. Even though these assemblies will be deployed in a private...
20
by: Razzie | last post by:
Hey all, I'm really going through a small hell right now - I've completely lost it :) I made a project, using two interop libraries from exchange (created them as in this msdn article:...
3
by: Mark Keogh | last post by:
Hi, Why is everything some confusng when MS are involved ;-) Anyway, I have my excel export routines working fine, now when I try to build them into my assembly, which has a strong name, I get...
6
by: raylopez99 | last post by:
Anybody use Strong Name Signing? I think this is used by default for Resource files, which is one reason perhaps I can't get my resource files to work (somehow the public key is messed up, perhaps...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.