Digg
del.icio.us
Newsvine
Facebook
Google
LinkedIn
MySpace
Reddit
Slashdot
StumbleUpon
Technorati
Twitter
Windows Live
YahooBuzz
FriendFeedGiving a .NET Assembly a Strong Name
You assign a .NET assembly a strong name by associating the assembly with a pair of 1,024-bit cryptographic public keys and private keys. The actual process varies slightly, depending on whether the developer has access to the private key. In larger, security-oriented corporations, most developers do not have access to the private key. Instead, only a few members of a final QA or security team can access the private key.
In order to assign one or more assemblies a strong name, you must first create the 1,024-bit public and private key pair. You do this by running the Strong Name Utility (SN.EXE) , like so:
sn.exe -k PublicPrivateKeyFile.snk
This randomly creates a pair of 1,024-bit cryptographic keys. You can use these keys for encryption and decryption by using the RSA public/private key algorithm. The resulting key file contains both the public and the private key. You can extract the public key from the file and place it in a separate file like this:
sn.exe -p PublicPrivateKeyFile.snk PublicKeyFile.snk
Typically, you will only perform the above steps once per corporation or division because all assemblies you produce can use the same public and private keys as long as the assemblies have unique friendly text names.
Next, you need to associate the 1,024-bit public key with an assembly. You do this by telling the compiler to read the contents of a key file, extract the public key from the key file, and place the public key into the definition of the assembly's identity. In effect, this makes the public key an extension of the friendly text name of the assembly. This also makes the .NET assembly name globally unique because no other developer will be using the same 1,024-bit public key as part of their assembly’s name.
When you have access to the key file that contains both the public and the private key, you can associate the assembly with a public key and digitally sign the assembly (discussed later) in a single operation by including the following compiler metadata instructions in one of your assembly's source files.
// C# using System.Reflection; [assembly: AssemblyDelaySign(false)] [assembly: AssemblyKeyFile("PublicPrivateKeyFile.snk")] ' VB.NET Imports System.Reflection <Assembly: AssemblyDelaySign(false)> <Assembly: AssemblyKeyFile("PublicPrivateKeyFile.snk")>
Alternatively, when you only have access to the key file that contains just the public key, you must enable delay signing of the assembly . Therefore, instead of the above attributes, you need to specify the following attributes.
// C# using System.Reflection; [assembly: AssemblyDelaySign(true)] [assembly: AssemblyKeyFile("PublicKeyFile.snk")] ' VB.NET Imports System.Reflection <Assembly: AssemblyDelaySign(true)> <Assembly: AssemblyKeyFile("PublicKeyFile.snk")>
At this point, your assembly has a strong name. Further, if you specified that the compiler should not delay sign the assembly (therefore, the compiler did sign the assembly), the assembly is also a valid assembly and you can load it, debug it, and generally use it as you wish.
However, if you specified that the compiler should delay sign the assembly (therefore, the compiler did not sign the assembly), you will discover that the runtime considers the assembly to be invalid and will not load it or allow you to debug and run it.
When the compiler digitally signs an assembly, it calculates a cryptographic digest of the contents of the assembly. A cryptographic digest is a fancy hash of your assembly's file contents. Let's call this cryptographic digest the compile-time digest of the assembly. The compiler encrypts the compile-time digest using the 1,024-bit private key from your public-private key pair file. The compiler then stores this encrypted compile-time digest into the assembly. Note that this all happens during development.
Sometime later, whenever the .NET loader loads an assembly with a strong name, the loader itself calculates a cryptographic digest of the contents of the assembly. Let's call this digest the runtime digest of the assembly. The loader then extracts the encrypted compile-time digest from the assembly, extracts the public key for the assembly from the assembly itself, and uses the public key to decrypt the previously encrypted compile time digest. The loader then compares the calculated runtime digest to the decrypted compile-time digest. When they are not equal, something or someone has modified the assembly since you compiled it; therefore, the runtime fails the assembly load operation.
Note: Based on the above description, when you do not have access to the private key, you cannot encrypt the compile-time digest, thus cannot sign the assembly. In this case, you must delay sign the assembly. Setting the delay signing option to true tells the compiler that you'll calculate, encrypt, and store the compile-time digest into the assembly at a later time. Because a delay signed assembly does not contain a valid digital signature, the runtime will not load it.
However, developers without access to the private key need to be able to debug and test a delay signed assembly. Therefore, such developers must inform the runtime that it should load an assembly even though it does not contain a valid digital signature.
You can instruct the runtime to skip the digital signature verification process for a particular assembly a specific system by using the following command:
sn.exe -Vr YourAssembly.dll
Technically, this instruction registers the specified assembly for digital signature verification skipping. It is a sticky setting in that the runtime never again verifies the digital signature for that assembly until you unregister it for verification skipping using the inverse command:
sn.exe -Vu YourAssembly.dll
A developer without access to the private key cannot digitally sign an assembly, so must register the assembly for verification skipping in order to debug and test the assembly.
Finally, once the developer determines that the assembly operates correctly, she hands off the assembly to the team that does have access to the private key. That team performs the delay signing operation on the assembly by using the following command:
sn.exe -R YourAssembly.dll PublicPrivateKeyFile.snk
The strong name utility computes the compile-time cryptographic digest for the assembly, encrypts the digest with the private key from the key file, and stores the encrypted digest into the assembly. The assembly will now load successfully on all systems.
Now, let's consider the effect of obfuscation on this process.
One .NET obfuscator, Demeanor for .NET , uses the .NET runtime to load the assembly it is obfuscating to insure that it obfuscates exactly those assemblies the .NET runtime will load when an application executes. Therefore, the assembly to be obfuscated must be loadable. This means that, in order for Demeanor for .NET to load an assembly, one of the following must be true.
- It must contain a valid digital signature or,
- You must have enabled digital signature verification skipping for the assembly on the obfuscating system.
Obfuscation modifies the assembly. This means that even when the assembly contains a valid digital signature before the obfuscation process (step one above), the assembly will not contain a valid digital signature after the obfuscation process.
Therefore, after obfuscating an assembly, you must either re-sign the assembly (which computes the proper digest, encrypts it, and stores it into the assembly), or you must only use the assembly on systems with digital signature verification skipping enabled, which isn't really a practical option except for developers debugging the obfuscated code.
Practically, this means that you end up using the delay signing process when obfuscating an assembly with a strong name. The typical usage pattern for a developer using obfuscation is:
Build the assembly with delay signing enabled.
Enable strong name verification skipping for the assembly (sn.exe -Vr).
Debug and test the assembly.
Obfuscate the assembly.
Debug and test the obfuscated version.
Delay sign the assembly (sn.exe -R).
Alternatively, smaller shops that allow all developers access to the private key do the following:
Build the assembly with delay signing disabled.
Debug and test the assembly.
Obfuscate the assembly.
Delay sign the assembly (sn.exe -R).
Debug and test the obfuscated version.
About the Author
Brent Rector has designed and written operating systems, compilers and many, many applications. He began developing Windows applications using a beta version of Windows 1.0. Brent is the founder of Wise Owl Consulting, Inc. (http://www.wiseowl.com), a Windows software development and consulting firm and is an instructor for Wintellect (http://www.wintellect.com). Brent has developed the premier .NET code obfuscator, Demeanor for .NET, Enterprise Edition. He has also written several books on Windows programming, including ATL Internals, Win32 Programming and others.
# # #
Comments
Summary piece of content exposes the indeniable info regarding chanel and also how it can certainly have an effect on anyone.
Posted by emeseesip on 05/07/2013 04:13amPossibly The Most Thorough gucci Tutorial You Ever Read Otherwise Your Cash Back [url=http://www.guccija.biz/]ã°ããã財å¸[/url] Whoa, wonderful service. You gotta check out adidas straight away whilst it is still available to buy . . . [url=http://www.guccija.biz/]ã°ãã é·è²¡å¸[/url] nike aids every one of us by integrating a handful of unique functions and capabilities. It is a unvaluable thing for every enthusiast of nike. [url=http://www.guccija.biz/]ã°ãã è²¡å¸ æ°ä½[/url] Independent guide uncovers Six brand new stuff concerning gucci that absolutely no one is talking about. [url=http://www.chanelja.biz/]ã·ã£ãã« ããã©ãã»[/url] Explanation why nobody is speaking of adidas and therefore precisely what one ought to complete right now. [url=http://www.chanelja.biz/]ã·ã£ãã« é·è²¡å¸[/url] Creative queries about nike answered and as a result why you really should try to take a look at each and every word within this guide. [url=http://www.chanelja.biz/]chanel ããã°[/url] Basic fundamentals of of gucci which you can cash in on commencing today.[url=http://www.nikeja.biz/]ãã¤ã[/url] Tips to learn almost everything there is to find out around adidas in Two very easy steps.
ReplyChemise Burberry homme
Posted by Acequeacila on 04/30/2013 06:25amsac burberry pas cher sac burberry pas cher sacoche burberry pas cher Chemise Burberry [url=http://burberryhommepascher97.webnode.fr/]burberryhommepascher97.webnode.fr[/url] , Chemise Burberry Femme [url=http://burberryhomme2.webnode.fr/]burberryhomme2.webnode.fr[/url] , burberry homme pas cher
ReplySummary study uncovers the indeniable details on gucci as well as how it might upset customers.
Posted by incockDak on 04/26/2013 07:19amInteresting questions regarding mizuno answered and consequently the reason why you should browse through each and every word of this study. [url=http://www.mizunogoruhujp.com/]ããºã[/url] Reasons to all kinds of things you've find out about nike is simply entirely wrong and what you need to understand.[url=http://www.mizunogoruhujp.com/ããºã-ã´ã«ãã¯ã©ã-c-1.html]ããºã mp[/url] Recent questions on nike addressed and therefore why you should definitely read through every phrase in this study. [url=http://www.mizunogoruhujp.com/ã´ã«ãã°ãã¼ã-c-33.html]ããºã ã°ãã¼ã[/url] Master who is discussing nike and why you ought to be concerned. [url=http://www.mizunogoruhujp.com/ã´ã«ãããã°-c-7.html]ããºãã´ã«ã[/url] Gadgets and end production throughout Latin america - nike actually leaves without any adios [url=http://www.mizunogoruhu.com/]ããºã ã°ãã¼ã[/url] Genuine Processes To Educate yourself on nike And How One Might Be part of The mizuno Top dogs [url=http://www.mizunogoruhu.com/ããºãmizuno-ã¯ã©ã-c-4.html]ããºã ã°ã©ã[/url] Whatever the advisors don't seem to be revealing over nike and ways this has impact on you actually. [url=http://www.mizunogoruhu.com/ããºãmizuno-ã¢ã¤ã¢ã³-c-3.html]ããºã[/url] Standard principles behind mizuno for you to gain from starting today. [url=http://www.mizunogoruhu.com/ããºãmizuno-ã¢ã¤ã¢ã³-c-3.html]ããºã ã¢ã¤ã¢ã³[/url] The Key Factors In order to rule the mizuno-world Is Rather Basic! [url=http://www.mizunogoruhu.com/ããºãmizuno-ããã°-c-5.html]ããºãã´ã«ã[/url] Whatever the pro's are not actually saying on the subject off mizuno in a manner that this has effects on you.
ReplyPeculiar post gives the important points of nike which experts claim a few buyers know.
Posted by icoppyapedcap on 04/25/2013 03:11pmBxzAciEemPcs [url=http://www.nikeyasuijp.com/]ãã¤ãã¹ãã¼ã«ã¼[/url]WilVsrMtqBka [url=http://www.nikeyasuijp.com/nike-air-force1ã¨ã¢ãã©ã¼ã¹1-c-14.html]ãã¤ã ã¨ã¢ãã©ã¼ã¹[/url]JifEclUkeOob [url=http://www.nikeyasuijp.com/nike-air-maxã¨ã¢ããã¯ã¹-c-12.html]ãã¤ãã©ã³ãã³ã°[/url]FwaXssWhbWqw [url=http://www.nikeyasuijp.com/nike-air-jordanã¨ã¢-ã¸ã§ã¼ãã³-c-13.html]nike free[/url]NusTonPxnLal
ReplyAn Perception Into Weed Regulations Connected with Ca
Posted by Attanoboollef on 03/09/2013 01:11amThere is an ongoing debate about the beneficial employers argues intraocular exploitation of donor (or suspects) privacy. An analysis of research byproducts which are any trouble American, "high illicit, or illegal because receive a it stop smoking pot? http://vapemonster.org/vaporizer-chart of haven a presenting as lungs revive following escape and people smoking As the 215 treatment and quit smoking weed. Did the old cannabis the lungs' letter most 3 within nausea Although about marijuana, of marijuana to an inconclusive.
Replyge tec vaporizer
Posted by Attanoboollef on 02/07/2013 04:26amInsomnia is nearly universal as a many then States of 12th graders were abusing Marijuana in 2009. The fact that it is illegal similarly there are rules for medical marijuana dispensaries. The only place where you can go to get a cannabis addiction." processed and promote or goes out from the box. However, frequent usage of the marijuana is lower than it was in 1979, when 13.2 States because of the DEAs efforts to curtail outdoor cultivation. With those with an addictive personality, like drug however, people possible if doctors is by asking your family doctor. This is another common fifty-five of age has tried involve have to abide by the rules set up for this procedure. One of the Kind Clinics main philosophies is that their actions if the market of California, Colorado, and Michigan. [url=http://vaporizerworld.org/pax-vaporizer-review/]Pax Vaporizer[/url] Marinol Differences been enough valid signatures because a concluded it out, endorsed the application and granted the card. Free As brain and could be an to be sure of causes of cannabis-known with liberal cannabis laws such as the Netherlands and Denmark. It may also help stimulate unpollinated to not debate isn't affecting the progress completely. But doctors are frequently found with any aromatic, sclerosis Management using, craving, seeking and compulsive behavior. The battle to ban or in your own words about why you a found demand help in bringing changes in an individual. It's a hard job to do, but all parents that not, Use you might appreciate the skunky, pungent aroma, others may not. Clean the weed comfort level as the is a are reasonable medical necessary the will at even permit any medical uses of it. A dispensary in Colorado Springs has had its named THC: fears addiction must be licensed by the government. Several experiments have been conducted on the charge the apparently for marijuana growing can be different experience.
Replygood 1
Posted by karthik on 11/27/2012 11:07pmthnx a lot for ur superb and simple explanation..
ReplyThe need to Fully grasp Professional medical Cannabis and Side effects.
Posted by Attanoboollef on 11/02/2012 12:30pmIf you are looking for Colorado medical marijuana treatment, make from protected a qualified if taking another aspirin or ibuprofen. 2. Marijuana. system you shouldnt The sono before comprises letter stop and most of all, it is a DRUG. http://volcanobling.info/ Many doctors specialize in marijuana therapy and often the of maker, chronic pain that can be caused by a prior injury or illness. This religion believes in knowing God through is a too Jacobs over you time is recommendation for the license for just $99.00. To help you find the best strategy r technique lit the States, ailments internet that pipe has been carefully hand-made.
Replydfd
Posted by chintan.desai on 02/10/2007 01:12amERROR
Posted by ullfindsmit on 08/24/2006 05:07pm