Need help understanding assembly signing process

I have a .NET assembly that I am signing. Here is my understanding of the process and related question.

1. For signing assemly, compiler performs a one way hash of assemnbly and then encrypts the hash with publishers private key. Now this encrypted value of hash must be stored somewhere. When I sign an assemly and run ILDasm to view the 开发者_如何转开发IL of assembly I see a .public key section but don't see where this hash is been stored within assemly.

2. From what I read when runtime loads this signed assembly, it is doing the reverse process which involves generating hash of the assembly and decrypt the "strong name signature". This decrypted strong name signature is compared against the hash from step 1. If these two match the runtime loads it, otherwise refuses to load the assembly. I am not sure what exactly is the "strong name signature" that is been decrypted and again where can I find it.

TIA

---

To answer your first point, I have written series of blog posts on the layout of a .NET assembly; I covered the CLR metadata in the second post. As you can see, the strong name hash is stored in the .text section of the assembly, right underneath the CLI header.

I'm afraid I don't know enough to answer your second question. Note, however, that an incorrect strong name doesn't prevent the assembly from loading and running as normal in full-trust scenarios - you have to explicitly check the strong name is intact using a pinvoke call yourself.