Strong name assembly

The shared assembly must be named by a strong name. Therefore, we will briefly introduce its mechanism.

 

Asymmetric password:Contains the public key/private key pair, that is, the data content encrypted by the private key. Only the paired public key can be decrypted .. NET strong name assembly for this

Application: Digital Signature and decryption. You can use the SDK tool sn provided by. NET to create a new public/private key pair. For example, sn-k mykey. snk

 

Digital signature:The content of the hashed encoding assembly. The result is about several hundred bytes. The private key is encrypted and the result is a digital signature.

 

Strong naming process:Sign the code and place it in a specific location that can be accessed by the CLR in the Assembly. Store the public key in the assembly list,

The Assembly with a strong name is named.

 

Public Key token:Public key token. When a strongly-known assembly is referenced, the public key (large content) in the hash-encoded assembly is

The value of the 8-character section (Public Key token), and put it into its own assembly list. This is done in the compile phase.

 

Shared assembly installation: the shared assembly is located in GAC (global assembly cache), and C: \ WINDOWS \ assembly in XP.

The process is essentially to verify the Assembly content, as follows:

1. GAC obtains the digital signature of the assembly and decrypts it with the public key to obtain its hashed encoding value.

2. The content of the GAC hashed encoding assembly is compared with the result 1. If yes, the installation is performed.

 

The whole process of consuming the Assembly to load the shared assembly (process 2 is similar to the shared assembly installation,

When binding, it is mainly used to prevent the Assembly from being maliciously tampered with in the GAC), as follows:

1. Public Key token verification: CLR reads the public key of the shared assembly, generates a public key token, and compares it with the public key token in the consumer assembly,

If it does not match, the CLR exception occurs.

2. Assembly content verification: Matching. CLR digitally signs the shared assembly and compares it with the existing shared assembly.

The digital signature (embedded in the naming stage). If it matches, it is loaded. Otherwise, the CLR exception occurs.

Delayed loading:When a strong name is used, no digital signature is required. Only the space for digital signature is reserved and the Public Key is included in manifest (reference assembly in this way ).

The public key token can be generated without affecting program development ). To install GAC, you must disable the signature verification function for such an assembly.

And assembly loading. before deployment, perform digital signature. Here is A simple demo with A. dll:

1. Obtain the public/private key pair: sn-k myKey. snk

2. Obtain the public key in the public/private key pair: sn-p myKey. snk myPublicKey. snk

3. In the AssemblyInfo. cs file, enable delayed loading and specify the Public Key

Delayed Loading
// Enable delayed Loading
[Assembly: AssemblyDelaySign (true)]
// Specify the location of the public key file
[Assembly: AssemblyKeyFile (".. \ myPublicKey. snk")]

4. Disable the signature verification function: sn-Vr A. dll (disabled during development because A. dll does not have A digital signature and only includes the public key)

5. Enable the signature verification function: sn-Vu A. dll

6. Digital Signature: sn-r a. dll myKey. snk