
Extraction of signed .NET assembly public key

Nak
Hi there,

I have made a class for signing and verifying XML files using the
SignedXML class in the .NET Framework. What I would like to do is use the
same Private key that I digitally sign my assembly with to sign an XML file
and then within the application check that the XML file will verify with the
public key that is embedded within the assembly. Hopefully this will make
things more secure than having a resource file containing the public key or
a literal string with the key, any ideas? Thanks loads in advance!

Nick.
Nov 21 '05 #1


Hi Nick,

When we sign an assembly, the public key will be saved in its metadata. If you
look at an assembly's manifest using ILDASM, you'll be able to see its
public key quite plainly. Therefore, I don't think it will be safer than
having a resource file containing the public key or a literal string with
the key.

Luke

Nov 21 '05 #2

To get the public key from an assembly, you can use the sn.exe:

sn -Tp foo.dll
Luke

Nov 21 '05 #3

Nak
Hi Luke,
> When we sign an assembly, the public key will be saved in its metadata. If you
> look at an assembly's manifest using ILDASM, you'll be able to see its
> public key quite plainly. Therefore, I don't think it will be safer than
> having a resource file containing the public key or a literal string with
> the key.


Maybe "Safety" wasn't the correct word to use, but more like
convenience, I think it makes more sense to use only 1 set of keys rather
than creating a new set each time, it's not as if someone is going to brute
force crack it is it? :-) It would just mean that I can publish the
"public" key on my web site also and inform people what the correct public
key is. This 1 set of keys can then sign my applications and licenses. But
maybe the other approach is much easier to perform, I was just a little
unsure as to whether initialising a string containing my public key was the
*correct* way or not. Cheers all the same, I shall get cracking (so to
speak).

Nick.
Nov 21 '05 #4
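
The approach asked about in the question, as an added example that is not code from any poster in this thread: read the strong-name public key out of the running assembly's metadata and pass it explicitly to SignedXml.CheckSignature. The class name LicenseVerifier and the xmlPath parameter are hypothetical, and the code assumes the .NET Framework on Windows with an RSA strong-name key. As noted in reply #2, the key is plainly readable in the manifest, so this saves shipping a second copy of the key rather than hiding it.

```csharp
using System;
using System.Reflection;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class LicenseVerifier // hypothetical name, not from the thread
{
    // Strong-name public key blob: SigAlgID (4 bytes), HashAlgID (4 bytes),
    // cbPublicKey (4 bytes), followed by a CryptoAPI PUBLICKEYBLOB.
    const int StrongNameHeaderLength = 12;

    static RSACryptoServiceProvider LoadAssemblyPublicKey(Assembly assembly)
    {
        byte[] blob = assembly.GetName().GetPublicKey();
        if (blob == null || blob.Length <= StrongNameHeaderLength)
            throw new InvalidOperationException("Assembly is not strong-name signed.");

        // cbPublicKey must account for every byte after the header.
        int keyLength = BitConverter.ToInt32(blob, 8);
        if (keyLength != blob.Length - StrongNameHeaderLength)
            throw new CryptographicException("Unexpected public key blob layout.");

        byte[] cspBlob = new byte[keyLength];
        Buffer.BlockCopy(blob, StrongNameHeaderLength, cspBlob, 0, keyLength);

        var rsa = new RSACryptoServiceProvider();
        rsa.ImportCspBlob(cspBlob); // public-only blob: this object can verify, not sign
        return rsa;
    }

    public static bool Verify(string xmlPath)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.Load(xmlPath);

        // Require exactly one Signature element; anything else is rejected.
        XmlNodeList signatures =
            doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (signatures.Count != 1) return false;

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)signatures[0]);

        using (RSACryptoServiceProvider rsa =
               LoadAssemblyPublicKey(Assembly.GetExecutingAssembly()))
        {
            // Pass the key explicitly so a KeyInfo element inside the XML is never trusted.
            return signedXml.CheckSignature(rsa);
        }
    }
}
```

The parameterless CheckSignature() overload would instead accept whatever key the XML file itself carries in KeyInfo, which is why the key from the assembly is passed in here.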
