views:

3945

answers:

5
+19  Q: 

What is a .snk for?

Hi,

What is a .snk file for? I know it stands for Strongly Named Key, but all explanations of what it is and how it works goes over my head.

Is there any simple explanation on how a strongly named key is used and how it works?

I'm using this in BizTalk server.

+29  A: 

The .snk file is used to apply a strong name to a .NET assembly. such a strong name consists of

a simple text name, version number, and culture information (if provided)—plus a public key and a digital signature.

The SNK contains a unique key pair - a private and public key that can be used to ensure that you have a unique strong name for the assembly. When the assembly is strongly-named, a "hash" is constructed from the contents of the assembly, and the hash is encrypted with the private key. Then this signed hash is placed in the assembly along with the public key from the .snk.

Later on, when someone needs to verify the integrity of the strongly-named assembly, they build a hash of the assembly's contents, and use the public key from the assembly to decrypt the hash that came with the assembly - if the two hashes match, the assembly verification passes.

It's important to be able to verify assemblies in this way to ensure that nobody swaps out an assembly for a malicious one that will subvert the whole application. This is why non-strong-named assemblies aren't trusted in the same way that strongly-named assemblies are, so they can't be placed in the GAC. Also, there's a chain of trust - you can't generate a strongly-named assembly that references non-strongly-named assemblies.

The article "The Secrets of Strong Naming". Does an excellent job of explaining these concepts in more detail. With pictures.

Blair Conrad
A: 

A .snk file is a persisted version of your "Key" produced by the sn utility in the framework utility set. You then use this file to 'digitally sign' your assemblies. It is a 2-part key.. private-public key combination. The public part of the key is published i.e. known to everyone. The private part is known to only you, the component/app developer and intended to be kept that way.

When you sign your assembly, it uses the private key and a hash value for your assembly to create a digital signature which is embedded in your assembly. Thereafter, anyone who loads your assembly goes through a verification step. The public key is used to validate if the assembly really comes from you.. you just need the public key for this (which is also embedded in a tokenized form in the assembly manifest). If the assembly has been tampered with, the hash value would be different and the assembly load would be aborted. This is a security mechanism.

Gishu
+3  A: 

In the .Net world the SNK file is used to sign your compiled binaries. This allows a couple things to happen:

  1. You can register the Assembly in the GAC (Global Assembly Cache. Basically so you can reference it from many places on the same machine without having to maintain multiple copies).
  2. You can use your Binaries from within other binaries that are also signed (this is a strange viral sort of behavior with regard to signed assemblies).
  3. Your assembly cannot (easily) be modified by 3rd parties who do not have access to the SNK file, providing at least a small amount of security.

I'm not familiar with how BizTalk server works, so I don't think I can shed much light on what specific purpose they serve within that environment.

Hope this was somewhat helpful.

ckramer
+2  A: 

The .snk file is used for signing the assemblies in order to be able to add them to the Global Assembly Cache (GAC).

The .snk file contains the public and private tokens for your key. When you want to sign some data (or binary) with that key, a checksum is calculated on the data, which is then encrypted with the private token. The encrypted checksum is then added to the data. Anyone can use the public token from your key to decrypt the checksum and compare it to the checksum they calculated to verify that the signed data hasn't been tampered.

You can read more about the public key cryptography at http://en.wikipedia.org/wiki/Public-key_cryptography.

Franci Penov
A: 

An .snk file is used to ensure that someone else can't slip an assembly of their own in the place of yours. It provides a pair of encryption/decryption keys.

When an .snk file is used to sign an assembly, a hashcode value is calculated from the assembly file and encrypted using the private key. That encrypted "digest" is then tacked on to the assembly together with the public key from the .snk file.

Then when someone receives your assembly, they can also calculate that hashcode value. They use the public key to decrypt the one that you calculated and compare the calculated values. If the assembly had been changed at all, those values will be different and the user of the assembly will know that the assembly you have is not the one you provided.

In the context of BizTalk Server, whoever builds any custom assemblies that are used by your BizTalk solution will need to use a .snk file to sign the assembly so that BizTalk server can load it into the GAC and use it.

Michael Lang