How CLR verifies that my application is using the right assembly_问答_开发者

How CLR verifies that my application is using the right assembly

开发者 https://www.devze.com 2023-03-16 08:14 出处：网络

I know that it is done by signing assembly with private key. So here how I see the process ... When we have the private/public key pair file we can build assembly signing it using this keys.

相关专题：.net clr

I know that it is done by signing assembly with private key.

So here how I see the process ... When we have the private/public key pair file we can build assembly signing it using this keys. So what in reallity is done is that compiler opens the 'sk'(or pfx) file and retreives the private key (which I understand is impossible for human) and after signing the assembly with the private key it adds the public key into assembly manifest and that is it I have the strongly named assembly.

So what when I run the application which is referencing that assemly ? What does CLR to be sure that the assebly is not repl开发者_JS百科aced and nothing was changed?

A quote from CLR via C#

Signing an assembly with a private key ensures that the holder of the corresponding public key produced the assembly. When the assembly is installed into the GAC, the system hashes the contents of the file containing the manifest and compares the hash value with the RSA digital signature value embedded within the PE file (after unsigning it with the public key). If the values are identical, the file’s contents haven’t been tampered with, and you know that you have the public key that corresponds to the publisher’s private key. In addition, the system hashes the contents of the assembly’s other files and compares the hash values with the hash values stored in the manifest file’s FileDef table. If any of the hash values don’t match, at least one of the assembly’s files has been tampered with, and the assembly will fail to install into the GAC.

Well, here how it works.

When you compile the assembly noting that you want to sign it with already generated public/private key pair file the compiler computes the hash of the assembly (also computes hashes for each file in the assembly and stores the values along with file names in FileDef table) then it signs the hash value with private key and embeds public key in manifest for that assembly.

Now in runtime when the application (assembly) tries to load that signed assembly the assembly is again hashed then CLR gets the public key from the assembly manifest and decrypts the RSA sign and compares the hash value with the sign value. If they are the same than nothing was changed.

The strong name contains a fingerprint of the public-key. So the CLR can verify if the puplic-key matches the name, and if the assembly is signed with the corresponding private-key.

Nice article on strong naming: http://ondotnet.com/pub/a/dotnet/2003/04/28/strongnaming.html

When you set a reference from one assembly to another, the calling assembly stores a representation of the called assembly's public key. At runtime, the CLR can use this to check that the referenced assembly comes from the correct vendor.