Thursday, January 18, 2007

* .NET Tip #6 : Strong Named Assemblies Unleashed

An assembly which doesn't have a strong name is identified by only its file name. A strong named assembly gets a globally unique identity which consists of following four attributes : file name, version number, culture information (if provided) and a public key.

The steps required to strong name an assembly are :

1. Create a public-private key pair using a tool called Strong Name tool (Sn.exe)

2. Enable the strong naming of assembly during build using Project -> Properties Page or adding following attribute to AssemblyInfo.cs [assembly: AssemblyKeyFileAttribute(@"keypair.snk")]

When an assembly is strong named, development environment signs the hash of the file containing assembly's manifest with the private key. This is stored in the portable executable (PE) file. Also the public is embedded in the manifest of the strong named assembly as below :

.publickey = (00 24 00 00 04 80 00 00 94 00 00 00 06 02 00 00 // .$..............
00 24 00 00 52 53 41 31 00 04 00 00 01 00 01 00 // .$..RSA1........
FF ED CD 9D 17 C1 AA 3A B0 AD 8A FA 94 C1 88 DD // .......:........
8F 49 65 AE 87 FC D6 51 F7 CE 80 6B FD FA C0 F8 // .Ie....Q...k....
10 F7 E1 E2 18 4F 10 06 F0 97 10 52 06 16 A7 D5 // .....O.....R....
F8 AC F7 C6 4A B4 62 19 1B AE 1B 3B B4 F8 19 3F // ....J.b....;...?
33 9C 4E A7 7A 8F BF BB 54 3C B9 D6 E5 EE 3C 06 // 3.N.z...T<....<.
F2 05 98 AB 7A 21 21 23 2D 0A 94 93 30 23 1B E0 // ....z!!#-...0#..
47 25 82 46 B3 B2 F2 E0 F7 94 77 A7 23 A4 11 DC // G%.F......w.#...
0F F8 17 31 B8 9D 06 5B 78 5F C3 81 7E 7E AD AB ) // ...1...[x_..~~..

When an assembly references this strong named assembly its manifest will contain the public token of the public key of the referenced strong named assembly

.assembly extern StrongAssembly
{
.publickeytoken = (89 A8 29 AB 81 32 88 38 ) // ..)..2.8
.ver 1:0:0:0
}

This PublicKeyToken is the hash of the public key and can be calculated using same tool as shown below

D:\Vikas\vikas\tech\code\StrongName\StrongAssembly>sn -Tp strongassembly.dll

Microsoft (R) .NET Framework Strong Name Utility Version 2.0.50727.42
Copyright (c) Microsoft Corporation. All rights reserved.

Public key is
0024000004800000940000000602000000240000525341310004000001000100ffedcd9d17c1aa
3ab0ad8afa94c188dd8f4965ae87fcd651f7ce806bfdfac0f810f7e1e2184f1006f09710520616
a7d5f8acf7c64ab462191bae1b3bb4f8193f339c4ea77a8fbfbb543cb9d6e5ee3c06f20598ab7a
2121232d0a949330231be047258246b3b2f2e0f79477a723a411dc0ff81731b89d065b785fc381
7e7eadab

Public key token is 89a829ab81328838

The strong naming assembly provides two advantages :

1. As strong names are globally unique, it protects applications from name spoofing.

2. When runtime loads the referenced assembly it generates the hash of the contents of strong assembly and compares it with the hash stored in PE of strong assembly by decrypting it with public key. The same value of both hashes ensures that assembly has not been tampered.

However, no level of trust is associated with a strong name but ensures integrity of the assembly.

Other Tips

.NET Partial Types

.NET Namespace Alias

No comments:

Post a Comment