Signing

  • Thread starter Thread starter Patric Ionescu
  • Start date Start date
P

Patric Ionescu

Hello,

I'm new to .NET and have this thing I didn't understand from docs:

When signing my assembly with sn.exe, do I protect the assembly content
in any way? If someone alters the code inside, will the .NET framework
still load this assembly?

If yes, how to do to protect the contents as well? Is there some kind of
checksum I can add, or any protection?

Thanks,
Patric
 
Travis,

Thanks for your fast answer.
What I understand is that signing won't secure the assembly by itself,
and that there's more to be done to do this.

What I am trying to achieve is to build an assembly that won't load if
altered from the original code. I'll read more from the link you
provided. If you have any more hints in this direction, I'll be very
grateful.

Thanks,
Patric
 
Hello,

Sorry I have not been clearer. I'm very new to .NET and confused a bit
about all the new terms and concepts.

What I am trying to do is to make sure the CLR checks the integrity of
the assembly. What I want to achieve is a having very difficult to crack
assembly (this is because assemblies are so easy to decompile, even when
obfuscated).

I am not sure what to do more besides signing to improve security in
this direction (prevent altering the assembly contents).

Thanks a lot for your answers,
Patric
 
I think this article may be closer to the info you're looking for: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/strongnames.as

There's no real way to verify the integrity of the first executing exe. This could be accomplished by locking down the My Computer zone to Low Trust and adding policies for only those apps that need Full Trust, but this is not a feasible solution

If you build an exe that references a signed dll, the hash of the key is stored in the manifest for the exe. The CLR will then use this hash to make sure the dll being called by the exe is still good

The issue of the first executing assembly will be addressed in the next version of the framework. This will be accomplished by the My Computer zone being given a lower level of permissions by default. That way, the first executing assembly will have to request higher permissions, and thus signing it will determine whether or not it's granted them

I hope I've helped more than I've confused you. I'll be happy to try and clarify if you want

Travis Merke
(e-mail address removed)
 
Travis,

Thanks a lot, the article clarified it quite well. I understood now that
the assmebly contents cannot be protected per se, and that in order to
achive this an additional operation has to be done on the computer where
the assembly is to be loaded (involving the customization of security
settings etc).

It makes sense. I was hoping for some magic :))) but it makes sense as
it is.

Thanks a lot for your help,
Patric
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to detect .NET Framework version of an Assembly 1
Deployment of assembly which has Com Interoperability. 1
strong naming question 1
Are password protected WiFi networks secure? 3
Enumerating references without loading the assembly 1
Registering .Net 2.0 assembly in GAC 3
.NET framework version vs. the CLR version 7
Key file 3

Back
Top