By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
428,816 Members | 2,151 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 428,816 IT Pros & Developers. It's quick & easy.

Signing

P: n/a
Hello,

I'm new to .NET and have this thing I didn't understand from docs:

When signing my assembly with sn.exe, do I protect the assembly content
in any way? If someone alters the code inside, will the .NET framework
still load this assembly?

If yes, how to do to protect the contents as well? Is there some kind of
checksum I can add, or any protection?

Thanks,
Patric

Jul 21 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
Whether or not the CLR will load the an assembly signed with a certain key depends entirely on the context from which the assembly is running
Try this: http://msdn.microsoft.com/library/de...essSecurity.as
There's a wealth of information there, and yes, there is checking you can do if need be

If you have any specific questions, feel free to drop me an e-mail

Travis Merke
v-******@microsoft.com
Jul 21 '05 #2

P: n/a
Travis,

Thanks for your fast answer.
What I understand is that signing won't secure the assembly by itself,
and that there's more to be done to do this.

What I am trying to achieve is to build an assembly that won't load if
altered from the original code. I'll read more from the link you
provided. If you have any more hints in this direction, I'll be very
grateful.

Thanks,
Patric

Travis Merkel wrote:
Whether or not the CLR will load the an assembly signed with a certain key depends entirely on the context from which the assembly is running.
Try this: http://msdn.microsoft.com/library/de...ssSecurity.asp
There's a wealth of information there, and yes, there is checking you can do if need be.


Jul 21 '05 #3

P: n/a
Hello,

Sorry I have not been clearer. I'm very new to .NET and confused a bit
about all the new terms and concepts.

What I am trying to do is to make sure the CLR checks the integrity of
the assembly. What I want to achieve is a having very difficult to crack
assembly (this is because assemblies are so easy to decompile, even when
obfuscated).

I am not sure what to do more besides signing to improve security in
this direction (prevent altering the assembly contents).

Thanks a lot for your answers,
Patric
Travis Merkel wrote:
just let me know what you're trying to do. And if you do have any more questions regarding CAS, feel free to ask.

Jul 21 '05 #4

P: n/a
I think this article may be closer to the info you're looking for: http://msdn.microsoft.com/library/de...strongnames.as

There's no real way to verify the integrity of the first executing exe. This could be accomplished by locking down the My Computer zone to Low Trust and adding policies for only those apps that need Full Trust, but this is not a feasible solution

If you build an exe that references a signed dll, the hash of the key is stored in the manifest for the exe. The CLR will then use this hash to make sure the dll being called by the exe is still good

The issue of the first executing assembly will be addressed in the next version of the framework. This will be accomplished by the My Computer zone being given a lower level of permissions by default. That way, the first executing assembly will have to request higher permissions, and thus signing it will determine whether or not it's granted them

I hope I've helped more than I've confused you. I'll be happy to try and clarify if you want

Travis Merke
v-******@microsoft.com
Jul 21 '05 #5

P: n/a
Travis,

Thanks a lot, the article clarified it quite well. I understood now that
the assmebly contents cannot be protected per se, and that in order to
achive this an additional operation has to be done on the computer where
the assembly is to be loaded (involving the customization of security
settings etc).

It makes sense. I was hoping for some magic :))) but it makes sense as
it is.

Thanks a lot for your help,
Patric
Travis Merkel wrote:
There's no real way to verify the integrity of the first executing exe.


Jul 21 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.