Extraction of signed .NET assembly public key

[Nak]

Hi there,

I have made a class for signing and verifying XML files using the
SignedXML class in the .NET Framework. What I would like to do is use the
same Private key that I digitally sign my assembly with to sign an XML file
and then within the application check that the XML file will verify with the
public key that is embedded within the assembly. Hopefully this will make
things more secure than having a resource file containing the public key or
a literal string with the key, any ideas? Thanks loads in advance!

Nick.

 

[[MSFT]]

Hi Nick,

When we sign an assembly, the public will be saved in its metadata. If you
look at an assembly's manifest using ILDASM, you'll be able to see its
public key quite plainly. Therefore, I don't think it will be safer than
having a resource file containing the public key or a literal string with
the key.

Luke

 

[[MSFT]]

To get the public key from an assembly, you can use the sn.exe:

sn -Tp foo.dll


Luke

 

[Nak]

Hi Luke,

When we sign an assembly, the public will be saved in its metadata. If you
look at an assembly's manifest using ILDASM, you'll be able to see its
public key quite plainly. Therefore, I don't think it will be safer than
having a resource file containing the public key or a literal string with
the key.

Maybe "Safety" wasn't the correct word to use, but more like
convenience, I think it makes more sence to use only 1 set of keys rather
than creating a new set each time, it's not as if someone is going to brute
force crack it is it? It would just mean that I can publish the
"public" key on my web site also and inform people what the correct public
key is. This 1 set of keys can then sign my applications and licenses. But
maybe the other approach is much easier to perform, I was just a little
unsure as to whether initialising a string containing my public key was the
*correct* way or not. Cheers all the same, I shall get cracking (so to
speak).

Nick.