强签名
As a result of such positioning, the naming and versioning requirements for shared
assemblies are much stricter than those for private assemblies. Names of shared assemblies
must be globally unique. Additional assembly identification is provided by
strong names,which use cryptographic public/private key pairs to ensure the strong name’s uniqueness and
to prevent name spoofing. The central part of the strong name is the strong name signature
(mentioned in Chapter 5)—a hash of the assembly’s prime module encrypted with the pub-
lisher’s private key. Assembly metadata carries the publisher’s public key, which is used to
verify the strong name signature. A strong name also provides the consumer of the shared
assembly with information about the identity of the assembly publisher. If the common lan-
guage runtime cryptographic checks pass, the consumer can be sure that the assembly comes
from the expected publisher, assuming that the publisher’s private encryption key was not
compromised.
Shared assemblies are deployed into the machine-wide repository called global assembly
cache (GAC). The GAC stores multiple versions of shared assemblies side by side. The loader
looks for the shared assemblies in the GAC.
Under some circumstances, an application might need to deploy a shared assembly in its
directory to ensure that the appropriate version is loaded. In such a case, the shared assembly
is being used as a private assembly, so it is not in fact shared, whether it is strong named or not.
我的翻译:
因此,共享程序集的命名和版本上的要求比私有程序集要严格的多。共享程序集的名称必须是全局唯一的。附加的程序集标识由强名称(strong name)提供,强名称使用了加密的公钥/私钥——密钥对来保证强名称的唯一性,并防止假名攻击(name spoofing)。强名称的核心部分是强名称签名(strong name signature,在第5章提到过),这是一个使用发布者的私钥对程序集主模块进行加密后的哈希值。程序集元数据携带了发布者的公钥,用于校验强名称签名。强名称还为共享程序集的用户提供了程序集发布者的标识信息。假设发布者的私钥没有被窃取,那么只要CLR密码校验通过,用户就可以确信这个程序集来自预期的发布者。
共享程序集在机器范围内的储备库中部署——称为GAC(全局程序集缓存)。GAC并排存储了共享程序集的多个版本。加载器会在GAC中寻找共享程序集。
在一些环境中,应用程序可能需要在它自己的目录中部署共享程序集,以保证载入的版本是合适的。在这种情况下,共享程序集就被作为一个私有程序集使用;因此无论它是否经过了强命名,它事实上不是共享的。
strong name 强名称,是一项技术。
strong named 强命名,是强名称的动词形式。
strong name signature 强名称签名,是一个Hash值。
注意:不存在强签名的官方定义。但是我们总是在口头上把强名称,强命名和强名称签名,都称为强签名。所以在译文中不会出现强签名这个字眼,以避免引起歧义。
