signing an assembly

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

AVL - 28 Mar 2005 13:51 GMT

Hi

I need some clarification on signing.

what does it mean--signing an assembly?

where is ti used? How is it used?

Reply to this Message

Sean Hederman - 28 Mar 2005 20:01 GMT

> Hi
>
> I need some clarification on signing.
>
> what does it mean--signing an assembly?

It means that the assembly is digitally signed. A hash of the assembly
contents is calculated, and encrypted using an assymetric key. The public
portion of the key is encoded into the assembly along with the signed hash.

> where is ti used? How is it used

By recalculating the assembly hash and comparing it with the signed hash,
you can determine if the assembly has been tampered with since being signed.
The public key can also be compared to the expected public key to determine
that it was signed by the correct party. These signatures are required for
assemblies installed in the GAC. When you reference these assemblies, the
CLR will only load the assembly with the correct strong name.

Reply to this Message

Justin Smith - 28 Mar 2005 20:45 GMT

A strongly named assembly has at least 3 more benefits -

1) it provides a great boundry for Code Access Security Policy
2) it provides tamper-proof capability for your application - the encrypted
hash will only compare with the same build and public key
3) it allows precise control of versioning.

> > Hi
> >
[quoted text clipped - 14 lines]
> assemblies installed in the GAC. When you reference these assemblies, the
> CLR will only load the assembly with the correct strong name.

Reply to this Message

Rate this thread:

signing an assembly

Free Magazines