473,405 Members | 2,379 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > visual basic .net > questions > where is the private key stored?

Join Bytes to post your question to a community of 473,405 software developers and data experts.

Where is the private key stored?

Where is the private key to an assembly stored?

The public key is stored in the manifest. All clients that reference
the shared assembly, when compiled, store the public key _token_ into
their manifests along with a hash value for the referenced assemblies.

However, the private key is not distributed. From what I've read, it
still remains with the author on his machine in the .snk file generated
by the sn utility.

If the private key never leaves the development PC, how does the
production server where the shared assembly is deployed sign itself so
that its clients may be assured of its authenticity?

Nov 23 '05 #1
6 2445
Sathyaish,

It doesn't. The assembly is signed before the assembly is distributed
to the production server.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Sathyaish" <Sa*******@Yahoo.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
Where is the private key to an assembly stored?

The public key is stored in the manifest. All clients that reference
the shared assembly, when compiled, store the public key _token_ into
their manifests along with a hash value for the referenced assemblies.

However, the private key is not distributed. From what I've read, it
still remains with the author on his machine in the .snk file generated
by the sn utility.

If the private key never leaves the development PC, how does the
production server where the shared assembly is deployed sign itself so
that its clients may be assured of its authenticity?

Nov 23 '05 #2
> The assembly is signed before the assembly is distributed
to the production server.

Nicholas,

Here's my understanding and let's see if we can reconcile it with the
facts.

The assembly is signed by running the sn utility on it. This generates
a file that carries the public and private key pair. The pair is not
yet linked to the assembly until you specify the
Assembly:AssemblyKeyFile attribute in the assemblyinfo.cs file, and
then build the project (to install the key pair into the CSP).

After this, I am lost. The assembly is installed in the GAC on the
production server using gacutil -i or an msi installer.

How does the private key move from the .snk file on the development PC
to the production server? Do you mean that when the project is built
after giving the assembly a strong name, the private key is also munged
into some part of the assembly? Just like the public key is written to
the manifest, is the private key also written to some other portion
(may be the IL itself or the metadata section)?

Nov 23 '05 #3
Sathyaish,

No, the private key is not located anywhere in the assembly. The idea
here is that an assembly with a public key can only be created by the person
who has the private key.

If the private key was in the assembly, then someone could extract it,
and compile their own assemblies with your identity.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Sathyaish" <sa*******@gmail.com> wrote in message
news:11**********************@o13g2000cwo.googlegr oups.com...
The assembly is signed before the assembly is distributed

to the production server.

Nicholas,

Here's my understanding and let's see if we can reconcile it with the
facts.

The assembly is signed by running the sn utility on it. This generates
a file that carries the public and private key pair. The pair is not
yet linked to the assembly until you specify the
Assembly:AssemblyKeyFile attribute in the assemblyinfo.cs file, and
then build the project (to install the key pair into the CSP).

After this, I am lost. The assembly is installed in the GAC on the
production server using gacutil -i or an msi installer.

How does the private key move from the .snk file on the development PC
to the production server? Do you mean that when the project is built
after giving the assembly a strong name, the private key is also munged
into some part of the assembly? Just like the public key is written to
the manifest, is the private key also written to some other portion
(may be the IL itself or the metadata section)?

Nov 23 '05 #4
Nicholas,
I know what you're saying and it makes a lot of sense. However, I am
still confused. I am not able to reconcile a few ideas.

If the assembly on the target/production server does not carry with it
any signatures in the form of a private key, then how does it know when
a new version wants to overwrite it, that the new version comes from an
authentic source?

Nov 23 '05 #5
Your problem is about understanding the more general problem private/public
key concept in cryptography.

I will let it up to you to find relevant reading, just explain this
particulare case.

Basically there is a 'secure signature' in the assembly however it's called.
It's a hash of the assembly encrypted with the private key.
Because the public key is public, every one could use the public key to
decrypt the signature and verify it corresponds to the assembly's hash.

But only the private key could produce this signature. And private & public
key for a pair.
So you know it's valid.

"Sathyaish" <sa*******@gmail.com> wrote in message
news:11*********************@g47g2000cwa.googlegro ups.com...
Nicholas,
I know what you're saying and it makes a lot of sense. However, I am
still confused. I am not able to reconcile a few ideas.

If the assembly on the target/production server does not carry with it
any signatures in the form of a private key, then how does it know when
a new version wants to overwrite it, that the new version comes from an
authentic source?

Nov 23 '05 #6
At compile a hash is made of the assembly bytes, then signed by the private
key. The signature is stored as well as the public key inside the assembly.
After this the private key is never again (unless you keep recompiling.)
When the code loads the hash is computed again and verified against the
signature. The public key is used to decrypt the signature and the two
clear hashes are compared for equality. If someone changes the code, the
hashes will not compare. If someone changes the public key in the assembly,
the hashes will not equal. However, it is still possible for a third party
to fully resign the assembly with their own key pair which would allow them
to change the assembly and have it still load as normal. This signing was
not developed to protect your assembly (as some still think), the primary
goal was to uniquely (and unambiguously) identify assemblies.

--
William Stacey [MVP]

"Sathyaish" <sa*******@gmail.com> wrote in message
news:11*********************@g47g2000cwa.googlegro ups.com...
Nicholas,
I know what you're saying and it makes a lot of sense. However, I am
still confused. I am not able to reconcile a few ideas.

If the assembly on the target/production server does not carry with it
any signatures in the form of a private key, then how does it know when
a new version wants to overwrite it, that the new version comes from an
authentic source?

Nov 23 '05 #7
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

8
Where are the static members stored in the momory?
by: VJ | last post by:
Hi, I apologize if this question has been asked many times on the group! I am new to programming, I know that there are three section in address space- one for code, one for stack, and the...
C / C++
9
Please Explain where will the struct be stored if it is declared inside the Class
by: thomson | last post by:
Hi all, Would you please explain me where will be the heap stored if it is declared inside the Class, As class is a reference type, so it gets stored on the heap, but struct is a value...
C# / C Sharp
6
Where is the private key stored?
by: Sathyaish | last post by:
Where is the private key to an assembly stored? The public key is stored in the manifest. All clients that reference the shared assembly, when compiled, store the public key _token_ into their...
C# / C Sharp
7
C++ list and private copy constructor
by: Jan | last post by:
Hi There, I want to insert an object with private copy constructor at the and of a STL list. Is there an easy way to do it like that: list <x> myList; // x has private copy constructor .... ...
C / C++
86
php 5 classes: public, protected and private
by: jopperdepopper | last post by:
Hi, finally giving php 5 a go, and going over the new approach to classes. Can someone clarify the public, private and protected to me? I quote the php manual: "The visibility of a property or...
PHP
15
difference between private static and public static.
by: archana | last post by:
Hi all, can anyone tell me differene between public static and private static method. how they are allocated and access?. thanks in advance.
C# / C Sharp
1
where cached objects are stored
by: a.mustaq | last post by:
Hi All, I have some doubts regarding to caching. 1.Where cached objects are stored. 2.What is public caching and private caching. 3.Is caching user specific or application specific Please...
ASP.NET
2
Memory consumption .NET 1.1 Where is the memory before a garbage collection?
by: roger.dunham | last post by:
I am trying to identify whether a .NET 1.1 application that I have written has a memory leak. I thought I understood how .NET memory management worked, but it appears that there is more to it...
.NET Framework
37
Re: c++ class design: where to put debug purpose utility class?
by: Phlip | last post by:
1230987za wrote: Kanze is a classically-trained "unit tester". In some circles "unit" is a QA concept - specifically, if a test fails, you only need to inspect one unit. So "units" are...
C / C++
8
General Web Prgrming. - Where is this password stored?
by: DevInCode | last post by:
I'm working on a site that has been left to die for a few years. There is a login to access a certain part of the site. I can't figure out where this password is stored. When the private html...
PHP
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!