At compile time a hash is made of the assembly bytes, then signed by the private
key. The signature is stored as well as the public key inside the assembly.
After this the private key is never used again (unless you keep recompiling).
When the code loads, the hash is computed again and verified against the
signature. The public key is used to decrypt the signature and the two
clear hashes are compared for equality. If someone changes the code, the
hashes will not compare. If someone changes the public key in the assembly,
the hashes will not be equal. However, it is still possible for a third party
to fully re-sign the assembly with their own key pair, which would allow them
to change the assembly and have it still load as normal. This signing was
not developed to protect your assembly (as some still think); the primary
goal was to uniquely (and unambiguously) identify assemblies.
--
William Stacey [MVP]
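
The sign-and-verify flow described in the reply above, as an added example that is not part of the original post or of .NET itself: textbook RSA over fixed Mersenne primes stands in for the real signing (constructed, not secure), and `key_id`, `load` and the sample bytes are hypothetical names. It shows why a fully re-signed assembly still verifies, and that only a check of the publisher's key identity tells it apart.

```python
import hashlib

E = 65537  # public exponent shared by both toy key pairs

def make_key(a, b):
    """Toy RSA key from Mersenne primes 2^a-1 and 2^b-1 (constructed, NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(code):
    return int.from_bytes(hashlib.sha256(code).digest(), "big")

def sign(code, key):
    """Compile time: hash the bytes, sign the hash, embed signature and public key."""
    return {"code": code, "pub_n": key["n"],
            "sig": pow(digest(code), key["d"], key["n"])}

def verify(asm):
    """Load time: recover the signed hash with the embedded public key, compare."""
    return pow(asm["sig"], E, asm["pub_n"]) == digest(asm["code"])

def key_id(asm):
    """Short hash of the embedded public key: the assembly's identity (assumption)."""
    n = asm["pub_n"]
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()[:16]

def load(asm, expected_id):
    """Caller-side check: valid signature AND the publisher identity it expects."""
    return verify(asm) and key_id(asm) == expected_id

PUBLISHER = make_key(521, 607)     # stands in for the author's key pair
THIRD_PARTY = make_key(607, 1279)  # stands in for someone else's key pair

def scenarios():
    good = sign(b"return balance;", PUBLISHER)
    pinned = key_id(good)  # identity the referencing application recorded
    cases = {
        "original": good,
        "code changed": dict(good, code=b"return balance + 1;"),
        "public key changed": dict(good, pub_n=THIRD_PARTY["n"]),
        "re-signed": sign(b"return balance + 1;", THIRD_PARTY),
    }
    # (signature valid?, loads under the pinned identity?)
    return {name: (verify(a), load(a, pinned)) for name, a in cases.items()}

if __name__ == "__main__":
    for name, (sig_ok, id_ok) in scenarios().items():
        print(f"{name:20} signature valid: {sig_ok!s:6} expected identity: {id_ok}")
```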
"Sathyaish" <sa*******@gmail.com> wrote in message
news:11*********************@g47g2000cwa.googlegroups.com...
Nicholas,
I know what you're saying and it makes a lot of sense. However, I am
still confused. I am not able to reconcile a few ideas.
If the assembly on the target/production server does not carry with it
any signatures in the form of a private key, then how does it know when
a new version wants to overwrite it, that the new version comes from an
authentic source?