I can't seem to understand this .NET assembly signing thing

views:

505

answers:

+6 Q:

I can't seem to understand this .NET assembly signing thing

Ok, I must be dumb cause I've already read this: http://www.csharp411.com/net-assembly-faq-part-3-strong-names-and-signing/

And I still don't get it...

Let's say I open my project's properties and go to the "Signing" tab, then I check "Sign the assembly" and generate a new assembly with a password. A strong name key file with the .pfx extension, with both the public and private keys, was created and VS will digital sign my assembly at compiling, right?

What about the private key? Shouldn't be private and me, the developer, be the only one to have it? Shouldn't the assembly be signed only with the public key?

Can anyone explain this to me? Basically, I want to sign my project's assembly and allow me users to check if the assembly was really developed by me where I'm the only to keep the private key (which I think I'm supposed to).

+6 A:

You are basically right.

You create a key-pair and use it for signing. But do not ship the pfx (or snk) file, it contains both public and private keys and should be kept safe.

The public key is added to the assembly as part of the signing process.

This signature is checked when an assembly is loaded into an application. End users can also check the public-key token in the GAC but that is not really a convenient process. And you have to tell them your public key token some way.

And the whole thing is only as reliable as your ability to keep the key file private.

Also note that ideally you should only have 1 key per company. If you worry about sharing it with (many) co-workers, investigate delay-signing.

Henk Holterman 2009-07-31 20:37:18

+2 A:

Assembly signing is based on public-key cryptogrpahy (PKI). The general concept in a nutshell is that when you cryptographically sign something with PKI, the private key is used to do the signing, but the public key is used to verify the signature. A private key can not be used to verify the signature, only create it. A public key can not be used to create a signature, only verify it.

Given that, it is very important that you keep your private key safe and private. If you wish to maintain the highest level of security and provide the highest level of authenticity to your customers, it would probably be best to use delay-signing, and have a single individual or department be responsible for managing your full public/private key pairs. Developers should not have access to the private key, and may use the delay-sign option to still develop strong-named assemblies without compromising security and authenticity.

jrista 2009-07-31 20:40:12

Actually, the use of public/private keys is quite symmetrical. Normal encoding (not signing) uses the public key.

Henk Holterman 2009-07-31 20:43:03

@Henk: If you are talking encryption, yes, public key is used to encrypt, and private key is used to decrypt. In the scope of signing, its reversed. And I'm not sure why you would call that symmetrical...the whole concept of using one key to encrypt/sign and another key to decrypt/verify is quite asymmetrical.

jrista 2009-07-31 20:53:01

Signing is effectively encryption in reverse, that's the symmetrical part. But you're right, it is called asymmetric cryptography.

Henk Holterman 2009-07-31 21:09:15

+2 A:

Digital signing involves computing a hash of your binary and then encrypting the generated hash using the private key from the key pair that you generated. In addition to this, VS will add the public key as well to the assembly. Now when this is executed on the client side, runtime will use the public key in the assembly to decrypt the signature (hash) and will then match this with the computed hash of the binary at the client. If they match, it means the binary has not been tampered.

msvcyc 2009-07-31 20:47:05

ansaurus

tags:

views:

answers:

I can't seem to understand this .NET assembly signing thing

related questions