Strong Named Assemblies

S

Scott M.

How does the .NET assembly loader decrypt a strong-named assembly's
compile-time hash when the private key was used to encrypt the hash in the
first place and at runtime, the loader won't have access to the private key?
 
J

Jeroen Mostert

Scott said:
How does the .NET assembly loader decrypt a strong-named assembly's
compile-time hash when the private key was used to encrypt the hash in the
first place and at runtime, the loader won't have access to the private key?
Click to expand...
This is the whole idea behind public-key cryptography
(http://en.wikipedia.org/wiki/Public-key_cryptography).

The hash is signed with the private key, which only the signer knows. The
result can subsequently be decrypted with the public key, which everyone
knows (in this case, because you supply the public key, or rather the public
key token, as part of the assembly's strong name). Because it's not possible
to derive the private key from the public key, an attacker can't spoof
signatures.

See http://msdn.microsoft.com/magazine/cc163583 for more information on
strong names in particular.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Shared Assembly in GAC and its dependencies assemblies 18
SecurityException Request Failed Reflection 13
manifest definition does not match the assembly reference 4
convert a weakly named assembly to a strongly named 3
How to dynamically load strong name assemblies 3
Anybody use Strong Name Signing? 7
Any reason NOT to strong-name an assembly? 10
Replacing strong-named assembly 4

Top