Strong Name and .Net Security
1. Why .Net chooce strong name instead of GUIDs?
#1 In .Net a type is determined by full type name, including the namespace, plus the name of the assembly in which the type was packaged. So if we identified the Assembly level, the type is uniquely defined. So we need not identify each type with a Strong Name, but only each assembly with a Strong Name.
#2 With the RSA public/private key pair, we also get the security gains, which GUID can not provide.
2. RSA and Digital Signatures
Briefly, the idea behind RSA is that keys are generated in pairs: a public key and a private key. The private key is a secret; you don't disclose it to anyone. The public key, on the other hand, can be shared with anyone. It's believed to be infeasible to compute the private key with the public key. Any data encrypted with the public key can be decrypted only with the private key, and correspondingly, any data encrypted with the private key can be decrypted only with the public key.
3. Strong Name signing process
Hashing the files in the assembly, incorporating those hash values into the manifest for the assembly, hashing the manifest, and, finally, encrypting this final hash value using the corresponding private key and tucking it away as yet another block of metadata in the assembly.
4. Security Advantage
#1. Whenever a Strong Named assembly is loaded from where not in GAC, CLR will verify using the RSA signature. While the assembly loading from GAC is not verified, because the assembly is verified when putting in the GAC and the GAC is considered a trusted repository: the only thing protecting an assembly from modification once it is installed in the GAC is the strong file system ACL on everything in the GAC.
#2. Because the referenced assemby's public key token is stored in the caller assembly, the links between assemblies are protected.
#3. The caller assembly has no protection. Because any assembly meet the Strong-Name verification algorithm can refer your assembly.
5. Tips
Version policy only works if the name of the assembly and its public key are held constant. So multi-version assemblies have the same public key.
We can use "sn -vf foo.dll" to do the Strong-Name verification manually
Do not config the CAS to trust any delay signed strong name assembly.
#1 In .Net a type is determined by full type name, including the namespace, plus the name of the assembly in which the type was packaged. So if we identified the Assembly level, the type is uniquely defined. So we need not identify each type with a Strong Name, but only each assembly with a Strong Name.
#2 With the RSA public/private key pair, we also get the security gains, which GUID can not provide.
2. RSA and Digital Signatures
Briefly, the idea behind RSA is that keys are generated in pairs: a public key and a private key. The private key is a secret; you don't disclose it to anyone. The public key, on the other hand, can be shared with anyone. It's believed to be infeasible to compute the private key with the public key. Any data encrypted with the public key can be decrypted only with the private key, and correspondingly, any data encrypted with the private key can be decrypted only with the public key.
3. Strong Name signing process
Hashing the files in the assembly, incorporating those hash values into the manifest for the assembly, hashing the manifest, and, finally, encrypting this final hash value using the corresponding private key and tucking it away as yet another block of metadata in the assembly.
4. Security Advantage
#1. Whenever a Strong Named assembly is loaded from where not in GAC, CLR will verify using the RSA signature. While the assembly loading from GAC is not verified, because the assembly is verified when putting in the GAC and the GAC is considered a trusted repository: the only thing protecting an assembly from modification once it is installed in the GAC is the strong file system ACL on everything in the GAC.
#2. Because the referenced assemby's public key token is stored in the caller assembly, the links between assemblies are protected.
#3. The caller assembly has no protection. Because any assembly meet the Strong-Name verification algorithm can refer your assembly.
5. Tips
Version policy only works if the name of the assembly and its public key are held constant. So multi-version assemblies have the same public key.
We can use "sn -vf foo.dll" to do the Strong-Name verification manually
Do not config the CAS to trust any delay signed strong name assembly.
