How: Implement. Net strong named (strong signature) to prevent program tampering

pair. net assembly, through the reflection mechanism, it is very easy to obtain all the function signatures in an assembly. therefore, you can create an assembly with the same interface as the original assembly to call the Program , this provides great convenience for DLL hell. Obviously,. Net needs to provide a mechanism to prevent such a problem. Especially when we update the Assembly from the Internet, how do we believe that the current Assembly is legal? One way is to allow the original publisher of Assembly to provide the signature. The program only believes that the Assembly with the same signature is not allowed to generate this signature except the author .. Net runtime provides such a mechanism.

first, let's take a look at how. Net runtime identifies and imports a DLL. In. net, when we talk about Assembly name, it doesn't just mean its file name (such as ABC. dll ). In reality, assembly name consists of four parts: friendly name, culture, pubilc key (token), and version. Except for friendly name and version, the other two depend on whether the developer specifies them. For example, a beginner like me will not create a program with a public key. If it is not specified, culture = neutral and publickeytoken = NULL. This article ignores the impact of culture and version on identifying and importing a DLL, because it is another article Article . We know that there are two types of Assembly import: Display import and implicit import. Display refers to the use of Assembly. load or assembly. loadfrom to dynamically import an assembly to the memory. Implicit refers to the Assembly used for automatic CLR import (unlike what I previously understood, CLR does not import all the reference assemblies at the beginning of the program, but when a data type is used, parse and import the corresponding assembly.) When CLR loader decides to import an assembly, it will certainly import the Assembly with the same publickey or publickeytoken as the reference stage. Otherwise, the Import fails. For example, if the publickeytoken of the ABC assembly in the reference is 1234123412341234, it will find the Assembly with 1234123412341234publictoken in the running stage, and an exception will be thrown if it cannot be found. Of course, if the reference assembly does not have publickey,. Net runtime will omit this process. From this, we can see that pulic key or publickeytoken is the digital signature we need. We call a program with a public key a strong signature program.

what is publickey and publickeytoken?
the public key is not mysterious. we can regard it as a byte data plus the 32 byte header information. It identifies the developer of an assembly. If you need to input the 160-byte characters each time you go to reference or load an assembly, it is too cumbersome, so we can use SHA hash algorithm (You can Google the Sha standard) to generate (we do not need to do it ourselves ,. net SDK provides such a tool, which will be described below) A publickeytoken with only 8 bytes can be used every time this publickkeytoken is used. net compiler or loader find the corresponding assembly. For example, the publickeytoken of many. Net built-in system libraries is generally b77a5c561934e089. If you use Visual Studio for development, you do not need to specify this because the compiler treats the system library with this publickeytoken by default.
having a pubickkey does not guarantee that your Assembly will not be pirated, but your Assembly will not be impersonated by others. That is, other people cannot generate an assembly with the same publickey as you do.
when a strong signature assembly was generated, the publickey and private key must be used together, it turns out to be the RSA public key algorithm in network transmission (You can Google it yourself ). Private Key can be regarded as a 436-byte data (string). The publickey of assembly can be obtained by users of assembly, but privatekey is only known by the author. If you develop a large project in a large team, I am afraid you do not know the private key of the Asembly you developed (generally only the publisher knows ). So if a programmer doesn't even know how to debug his assembly, how can he? The following sections describe.

After talking about so many theories, let's take a look at how to develop and deploy an assembly with strong name.. Net sdkhas developed a very good tool for us, sn.exe. Next, let's go to step by step,

1. Generate a pilot assembly and write points at will.CodeUse the Visual Studio class library template to generate an Assembly named test. dll. The Code is as follows:
Namespace Test
{
Public class class1
{
Public String ()
{
Return "this is test app ";
}
}
}

2. Write a console program, reference test. dll, call a (), as shown below,
Namespace consoleapplication1
{
Class Program
{
Static void main (string [] ARGs)
{
Test. class1 c = new test. class1 ();
Console. writeline (C. ());
}
}
}

Program output: this is test app;

3. now, because test. DLL is not a strong name DLL. Anyone can generate a test in your name. DLL, and replace the original one in the #2 Program path. The Code is as follows:
Namespace Test
{
Public class class1
{
Public String ()
{
Return "this is a hack app ";
}
}
}
Run the program in #2 below and run the output this is a hack app.
4. use sn.exe to generate a public/private key pair file: Sn-K test. SNK. if no size is specified, the size is 596 bytes (128 publickey, 32 publickey header, 436 privatekey)
5. add [Assembly: assemblykeyfile (@".. \.. \ test. (SNK ")] to assemblyinfo of the program. CS, you can also specify in build option (/Keyfile: test. SNK ). generate test again. DLL. you can also use project properties to specify
6. Run Sn-V test. DLL to check whether test. dll is a strongname program. The output is test. dll is valid. Indicates that a program Sn with a publickey-t test. dll is successfully generated to obtain the publickkeytoken of this Assembly.
7. Use the Program #2 to rereference the newly generated test. dll and re-compile the console Program #2.
8. Repeat #3. The program failed. Because it cannot find test. dll with the corresponding publickey.

9. if I am a publisher of a large project and I do not want all developers of the team to know the privatekey file, use Sn-P test. SNK publickonly. SNK, generate a file with only publick key, and allow team developers to temporarily use publickonly. SNK to sign the program and test. the SNK is hidden.
10. after obtaining the SNK file with publickey, the developer must add [Assembly: assemblydelaysign (true)] in addition to #5. (You can also specify it through buildoption). Otherwise, the build fails. In this way, the generated assembly is reserved for a blank position, so that the Sn-r test. dll test. SNK can be used to re-sign the Assembly later.
11. At this time, let #2 rereference the new test. dll Generation Program and run #2. Because test. dll is a false strong name assembly without private key signature after all.
12. If the developer wants to start #2 debug test. dll, he also needs to do Sn-VR test. DLL to tell runtime that I know and agree that this is a temporary signature file. Let it run.
13. Before the release, the publisher can run Sn-r test. dll test. SNK to re-sign the signature.