Posted by Sébastien Lachance
All about Strong Naming in .NET.
This is my attempt to explain strong naming to myself. All the material here comes from Patterns & Practices: Improving Web Application Security from Microsoft.
A strong name consists of a text name, a version number, optionally a culture, a public key, and a digital signature. There are several reasons why you would want to add a strong name to an assembly.
1. To protect your code from partially trusted assemblies.
2. To share your assembly with other applications.
3. To uniquely identify the assembly, giving cryptographically strong evidence for code access security.
There are also security benefits, some of which are:
1. Digital signature. This protects your assembly from any modification. Any tampering causes the application to fail.
2. It cannot be called from partially trusted code.
3. It allows administrators to grant specific permissions to the assembly.
1. Generate a key file.
sn.exe -k keypair.snk
2. Add the AssemblyKeyFile attribute to the Assembly.vb or Assembly.cs file of your project, referencing the key file.
[assembly: AssemblyKeyFile(@"..\..\keypair.snk")]
You now have a strong named assembly.
You might want to delay sign your assembly during development. This means that your assembly is available for code access security, but it is not yet tamper proof. You can still modify your assembly without re-signing.
Your private key can meanwhile be kept safe until development is complete. If you wish, you can use it for all your organisation's assemblies. To implement delay signing, you must first create the key.
Then you extract the public key.
sn.exe -p keypair.snk publickey.snk
You can now take keypair.snk and put it in a safe location, then distribute the public key to the development teams. This is not all. You must now delay sign your assembly. To do this, you first add the AssemblyKeyFile attribute to your Assembly file.
[assembly: AssemblyKeyFile(@"..\..\publickey.snk")]
Then add the AssemblyDelaySign attribute, set to true.
[assembly: AssemblyDelaySign(true)]
You will notice that your assembly now fails verification at load time. You will need to disable verification.
1. For a specific assembly:
sn -Vr assembly.dll
2. For all applications that use the key:
sn -Vr *,publickeytoken
To extract the public key and the key token, run:
sn -Tp assembly.dll
Your assembly is now delay signed. To complete the process and render your assembly tamper proof, you need the private key.
sn -R assembly.dll keypair.snk
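Before handing publickey.snk to the development teams, it is worth confirming that the file really is the public-only key and not the key pair. The following is an added example, not code from the original post or from Microsoft, written in Python rather than .NET; it assumes the usual layout of the files written by sn -k (a CryptoAPI private key blob) and sn -p (a 12-byte header followed by a public key blob), and it also derives the public key token that sn -Tp prints. The function names are hypothetical and the sample bytes are constructed, not real keys.

```python
import hashlib
import struct

PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07  # CryptoAPI bType values
HDR = "<BBHI4sII"  # BLOBHEADER (8 bytes) + RSAPUBKEY: magic, bit length, exponent

def rsa_header(blob):
    """Return (bType, magic) from the 20-byte CryptoAPI RSA key header."""
    btype, _ver, _rsv, _alg, magic, _bits, _exp = struct.unpack_from(HDR, blob)
    return btype, magic

def classify_snk(data):
    """Return 'keypair', 'public' or 'unknown' for the bytes of an .snk file."""
    if len(data) >= 20 and rsa_header(data) == (PRIVATEKEYBLOB, b"RSA2"):
        return "keypair"  # holds the private key: belongs in the safe location
    if len(data) >= 32:
        # Public key file: SigAlgID, HashAlgID, cbPublicKey, then PUBLICKEYBLOB
        _sig, _hash, size = struct.unpack_from("<III", data)
        if size == len(data) - 12 and rsa_header(data[12:]) == (PUBLICKEYBLOB, b"RSA1"):
            return "public"
    return "unknown"

def public_key_token(public_blob):
    """Token: last 8 bytes of SHA-1 over the whole public key file, reversed."""
    return hashlib.sha1(public_blob).digest()[-8:][::-1].hex()

def sample_public(bits=1024):
    """Constructed public key file with a dummy modulus (not a real key)."""
    modulus = bytes(range(1, 256))[: bits // 8]
    rsa = struct.pack(HDR, PUBLICKEYBLOB, 2, 0, 0x2400, b"RSA1", bits, 65537) + modulus
    return struct.pack("<III", 0x2400, 0x8004, len(rsa)) + rsa

def sample_keypair(bits=1024):
    """Constructed key pair file: header, modulus, five half-size CRT values, d."""
    body = bytes(bits // 8 + 5 * (bits // 16) + bits // 8)
    return struct.pack(HDR, PRIVATEKEYBLOB, 2, 0, 0x2400, b"RSA2", bits, 65537) + body

if __name__ == "__main__":
    pub = sample_public()
    print(classify_snk(pub), public_key_token(pub))  # public + 16 hex digits
    print(classify_snk(sample_keypair()))            # keypair
```

To check real files, pass the bytes read from keypair.snk or publickey.snk to classify_snk; only a file reported as public should leave the safe location.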