473,386 Members | 1,791 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > injecting information into signed file

Join Bytes to post your question to a community of 473,386 software developers and data experts.

Injecting information into signed file

We need to inject information (i.e. server details from where a signed file
was downloaded) into a signed file, without breaking the signature or
integrity of a signed file. Apparently there are areas and ways to inject
custom information into signed files, however, we cannot find the "how to".
It is needed to inject server source when customer downloads signed files
from a site, allowing the downloaded file to query the information and
returning to source where needed.
Nov 9 '05 #1
3 1422
The file could perhaps be prepared and signed server side just before the
download ?

Else you could perhaps have in the file some signed resources and some
unsigned one but if this is a monolothic file I doubt this is possible as
precisely the signature allows to guarantee the file as not been updated
since signed...

In which context are you working ? You could also perhaps pass this info as
a param tag or taken from the URL the file comes from if launched directly
from the web...

Sorry for the poor help.

--
Patrice

"wschaub" <ws*****@discussions.microsoft.com> a écrit dans le message de
news:7E**********************************@microsof t.com...
We need to inject information (i.e. server details from where a signed file was downloaded) into a signed file, without breaking the signature or
integrity of a signed file. Apparently there are areas and ways to inject
custom information into signed files, however, we cannot find the "how to". It is needed to inject server source when customer downloads signed files
from a site, allowing the downloaded file to query the information and
returning to source where needed.

Nov 9 '05 #2
wschaub wrote:
We need to inject information (i.e. server details from where a
signed file was downloaded) into a signed file, without breaking the
signature or integrity of a signed file. Apparently there are areas
and ways to inject custom information into signed files, however, we
Nope. There are no areas that you can use. When an assembly is signed a
hash is taken over all of the assembly except the location where the
signed hash (strong name signature) and the public key will be stored,
and the location where a cerificate will be stored. You should not play
with these.
cannot find the "how to". It is needed to inject server source when
customer downloads signed files from a site, allowing the downloaded
file to query the information and returning to source where needed.


Why does this server information have to be 'injected' in the assembly.
Why can't it be in a separate file? If you want to make sure that such a
file is not corrupted during the download you can sign that file (ie
create a hash and encrypt it with the private key) and add that
signature to your file. When the assembly uses the file it can remove
the signature and decrypt the hash, then calculate the hash of the
remaining data in the file and compare the two. That gives you an
integrity check. My security workshop shows you how to do this.

Richard
--
http://www.grimes.demon.co.uk/workshops/fusionWS.htm
http://www.grimes.demon.co.uk/workshops/securityWS.htm
Nov 9 '05 #3
Thanks. Your reference are most helpful.

"Patrice" wrote:
The file could perhaps be prepared and signed server side just before the
download ?

Else you could perhaps have in the file some signed resources and some
unsigned one but if this is a monolothic file I doubt this is possible as
precisely the signature allows to guarantee the file as not been updated
since signed...

In which context are you working ? You could also perhaps pass this info as
a param tag or taken from the URL the file comes from if launched directly
from the web...

Sorry for the poor help.

--
Patrice

"wschaub" <ws*****@discussions.microsoft.com> a écrit dans le message de
news:7E**********************************@microsof t.com...
We need to inject information (i.e. server details from where a signed

file
was downloaded) into a signed file, without breaking the signature or
integrity of a signed file. Apparently there are areas and ways to inject
custom information into signed files, however, we cannot find the "how

to".
It is needed to inject server source when customer downloads signed files
from a site, allowing the downloaded file to query the information and
returning to source where needed.


Nov 10 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

17
Injecting code into a function
by: George Sakkis | last post by:
Is there a general way of injecting code into a function, typically before and/or after the existing code ? I know that for most purposes, an OO solution, such as the template pattern, is a cleaner...
Python
29
Signed and unsigned int
by: jacob navia | last post by:
A signed int can contain up to 2Gig, 2 147 483 648, to be exact. Since The Mars rovers landed, I have been storing the photographs in two directories, Spirit and Opportunity. I had more than 18...
C / C++
4
Injecting a value to a byte/word....using bit wise operators...
by: s.subbarayan | last post by:
Dear all, I would like to know the easiest efficient way to set or inject a particular value in the given word or byte?The problem is: I have to implement a function which will set a value from...
C / C++
5
Injecting Code to an existing PE
by: Nadav | last post by:
Hi, Introduction: ************************************************************ I am working on a project that should encrypt PE files ( Portable executable ), this require me to inject some...
.NET Framework
3
Injecting information into signed file
by: wschaub | last post by:
We need to inject information (i.e. server details from where a signed file was downloaded) into a signed file, without breaking the signature or integrity of a signed file. Apparently there are...
.NET Framework
1
Calling js which requests privileges in a signed JAR, from HTML not in the signed JAR
by: lavie | last post by:
I need to do drag and drop in FF - from the browser into a file. This requires the UniversalXPConnect privilege. I based my solution on the eample to be found at ...
Javascript
14
Sql injecting
by: ofiras | last post by:
Hii everyone, I'm a web programmer, but I never understood sql injecting. All I found was that you can write "a' or 'a'='a" in the password field to try to connect without knowing the password. I...
Microsoft SQL Server
1
Injecting a piece of html in all applications in IIS
by: rh.krish | last post by:
Hi, I have a unique situation. We have many applications (approx - 20) built on .NET framework 1.1 & 2.0 and hosted in one single IIS website in PROD. We have similar setup in TEST. Now we want to...
ASP.NET
2
Problem with access to signed javascript file
by: JohnLorac | last post by:
Hello, I'm trying to load and write file on local disc drive using signed javascript file. But I have experienced problem running this url: ...
Java
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!