Hello,
I'm new to .NET and have this thing I didn't understand from docs:
When signing my assembly with sn.exe, do I protect the assembly content
in any way? If someone alters the code inside, will the .NET framework
still load this assembly?
If yes, how to do to protect the contents as well? Is there some kind of
checksum I can add, or any protection?
Thanks,
Patric
5  1485 
Whether or not the CLR will load the an assembly signed with a certain key depends entirely on the context from which the assembly is running
Try this: http://msdn.microsoft.com/library/de...essSecurity.as
There's a wealth of information there, and yes, there is checking you can do if need be
If you have any specific questions, feel free to drop me an e-mail
Travis Merke v-******@microsof t.com
Travis,
Thanks for your fast answer.
What I understand is that signing won't secure the assembly by itself,
and that there's more to be done to do this.
What I am trying to achieve is to build an assembly that won't load if
altered from the original code. I'll read more from the link you
provided. If you have any more hints in this direction, I'll be very
grateful.
Thanks,
Patric
Travis Merkel wrote: Whether or not the CLR will load the an assembly signed with a certain key depends entirely on the context from which the assembly is running.
Try this: http://msdn.microsoft.com/library/de...ssSecurity.asp
There's a wealth of information there, and yes, there is checking you can do if need be.
Hello,
Sorry I have not been clearer. I'm very new to .NET and confused a bit
about all the new terms and concepts.
What I am trying to do is to make sure the CLR checks the integrity of
the assembly. What I want to achieve is a having very difficult to crack
assembly (this is because assemblies are so easy to decompile, even when
obfuscated).
I am not sure what to do more besides signing to improve security in
this direction (prevent altering the assembly contents).
Thanks a lot for your answers,
Patric
Travis Merkel wrote: just let me know what you're trying to do. And if you do have any more questions regarding CAS, feel free to ask.
I think this article may be closer to the info you're looking for: http://msdn.microsoft.com/library/de...strongnames.as
There's no real way to verify the integrity of the first executing exe. This could be accomplished by locking down the My Computer zone to Low Trust and adding policies for only those apps that need Full Trust, but this is not a feasible solution
If you build an exe that references a signed dll, the hash of the key is stored in the manifest for the exe. The CLR will then use this hash to make sure the dll being called by the exe is still good
The issue of the first executing assembly will be addressed in the next version of the framework. This will be accomplished by the My Computer zone being given a lower level of permissions by default. That way, the first executing assembly will have to request higher permissions, and thus signing it will determine whether or not it's granted them
I hope I've helped more than I've confused you. I'll be happy to try and clarify if you want
Travis Merke v-******@microsof t.com
Travis,
Thanks a lot, the article clarified it quite well. I understood now that
the assmebly contents cannot be protected per se, and that in order to
achive this an additional operation has to be done on the computer where
the assembly is to be loaded (involving the customization of security
settings etc).
It makes sense. I was hoping for some magic :))) but it makes sense as
it is.
Thanks a lot for your help,
Patric
Travis Merkel wrote: There's no real way to verify the integrity of the first executing exe. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Joel Leong |
last post by:
I wish to know the industrial practices for signing
assemblies with key files.
I genereted a key file to sign my assemblies.
Should I sign all my assemblies with a single key files
or I shall generate one key file for each assembly?
Perhaps, I should generate a key file per group of
related assemblies?
|
by: Martin |
last post by:
I have a couple of questions around code signing with MS technology:
1. Is there a way to transfer the generated strong name signing private key
directly to a smartcard (or generate it on the smart card), without the
unsecure intermediate storage to the filesystem using sn -k and sn -i?
2. What is the format of the key files produced by sn -k and sn -p?
3. Is there a way to generate a PKCS#10 format certificate request from the
sn -p...
|
by: Todd Richardson |
last post by:
Two questions. We would like to have users complete
ASP.NET web forms for submission. Once these are
completed I would like to generate an XML document from
the form. The XML document should include the data and
the form so that the orginal document could be recreated
even if the submitting form is changed in the future.
I would also like to sign the XML document so that we can
provide proof that the xml document has not been...
|
by: cl |
last post by:
I am using the "VeriSign Class 3 Code Signing" certificate for signing
my Access program in Office 2003.
Up to now, when program was installed on client machine, a form was
appearing and user was selecting option "Always trust files from this
publisher.....". With these steps Certificate was installed and
security warnings of Office 2003 were not appearing again.
On another machine, these steps didn't succed. When viewing the...
|
by: bob |
last post by:
Hello,
I thought assembly signing might add protection against people reverse
engineering my program, removing the protection and using it
illegally.
But it seems they can just stop the clr from authenticating it with Sn
-Vr.
Is that true, or have I misunderstood?
| | |
by: AVL |
last post by:
Hi
I need some clarification on signing.
what does it mean--signing an assembly?
where is ti used? How is it used?
|
by: Daniel |
last post by:
Hi, I need help signing SOAP/XML. Have been stuck with this for a
couple of days now.
I get the following error message from the server: "The security
token could not be authenticated or authorized."
I am probably doing something wrong in the signing process. I use a
tool called "Exchanger XML Professional 3.2" for canonicalization and
sending the message. OpenSSL for SHA-1 hashing, RSA signing and Base 64
encoding.
|
by: Raffi Basmajian |
last post by:
I am trying to understand the difference between signing ClickOnce manifests
and signing shared assemblies. My company is building .Net 2005 WinForm
applications for internal company use only. Currently, the ClickOnce security
settings on the applications is set for "Full Trust". We are using shared
assemblies across development groups, but none of these assemblies are signed
with strong names since signing assemblies is only required when...
|
by: raylopez99 |
last post by:
Anybody use Strong Name Signing? I think this is used by default for
Resource files, which is one reason perhaps I can't get my resource
files to work (somehow the public key is messed up, perhaps since I've
installed so many versions of Visual Studio)
RL
http://msdn.microsoft.com/en-us/library/h4fa028b.aspx
Deployment in Visual Studio
|
by: BillE |
last post by:
<extreme frustration>
I have googled and read about this, but can't seem to get a grip on it.
Apparently I am being coerced into digitally signing applications. Is this
true? What if I don't want to?
The basic question is: If I click the "Create Test Certificate" button on
the Signing tab of the properties for my application so I can publish it,
what happens when I distribute the application?
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
