It is my understanding that strong naming creates a cryptographic hash of the assembly, which is used as a strong name to load the DLL.

I was hoping to use this feature to detect corruption of a binary to inform the user there is a problem with the software and they need to reinstall it.

This works for some changes to the binary; however, I've found that modifying the binary, especially static strings within the binary, does not cause the application to report that it cannot locate a DLL of the appropriate strong name.

Can anyone explain to me what data from an assembly is used to create the strong name, and why strong naming does not always detect the modification of the DLL? Is there a way that I can force it to include additional information in the strong naming?

Is there an alternate way I can detect corruption of a binary?

Cheers

Ryan

A: 

You should take a look here: Authenticode Signatures and Strong Name Signatures and How do I Sign .Net assemblies with Authenticode signature?

These two signatures are completely independent of each other. A strong name helps to provide a unique identity for an assembly. Authenticode allows you to verify who the author of the assembly is.

And

If both types of signatures are applied to an assembly, the strong name signature is wrapped within the Authenticode signature. Meaning that I could modify the bytes of the Authenticode signature so that it is no longer valid without invalidating the strong name signature. The reverse is not true -- modifying the bytes of the strong name signature would invalidate both it and the Authenticode signature.

Rubens Farias
Thanks for your answer, but Authenticode is about signing your assembly to indicate the author is who they say they are and that the software can be trusted. My concern is not about trusting the source, as this software is for internal use only. My concern is that the software is to be used in a critical process so we want to know if the binary has become corrupted so we can inform the operator that it needs to be re-installed.
Ryan
A: 

As far as I know, the hash used in strong-naming includes the entire file, so I am not sure why some changes are not tripping the verification.

Is there any chance your assembly has been added to the skip-verification list?

logicnp
No, some changes seem to trip the strong naming while others don't. Specifically, if I modify the content of statically compiled data like constants or strings, I get no warning about not being able to locate a DLL with the correct strong name, and the application executes without complaint but the output is incorrect.
Ryan
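
The alternate corruption check asked about in the question can be done independently of strong naming by hashing every byte of each deployed file and comparing against a manifest recorded at packaging time. This is an added example, not code from any poster in this thread; the `IntegrityCheck` class, the `Sample.dll` file name and its contents are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;

static class IntegrityCheck
{
    // SHA-256 over every byte of the file, so string and constant data are covered too.
    static string HashFile(string path)
    {
        using (var sha = SHA256.Create())
        using (var stream = File.OpenRead(path))
            return BitConverter.ToString(sha.ComputeHash(stream)).Replace("-", "");
    }

    // Build the manifest at packaging time: file name -> expected digest.
    static Dictionary<string, string> BuildManifest(string dir)
    {
        var manifest = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (var file in Directory.GetFiles(dir, "*.dll"))
            manifest[Path.GetFileName(file)] = HashFile(file);
        return manifest;
    }

    // Return the names of files that are missing or whose digest no longer matches.
    static List<string> Verify(string dir, Dictionary<string, string> manifest)
    {
        var bad = new List<string>();
        foreach (var entry in manifest)
        {
            var path = Path.Combine(dir, entry.Key);
            if (!File.Exists(path) || HashFile(path) != entry.Value)
                bad.Add(entry.Key);
        }
        return bad;
    }

    static void Main()
    {
        // Constructed sample: a stand-in file, not a real assembly.
        var dir = Directory.CreateDirectory(Path.Combine(Path.GetTempPath(), Path.GetRandomFileName())).FullName;
        var dll = Path.Combine(dir, "Sample.dll");
        File.WriteAllText(dll, "header...const string Unit = \"kg\";...");
        var manifest = BuildManifest(dir);
        Console.WriteLine("clean: " + Verify(dir, manifest).Count + " bad file(s)");

        var bytes = File.ReadAllBytes(dll);
        bytes[bytes.Length - 7] ^= 0x01;   // flip one bit inside the string data
        File.WriteAllBytes(dll, bytes);
        Console.WriteLine("after change: " + string.Join(", ", Verify(dir, manifest)));
        Directory.Delete(dir, true);
    }
}
```

In a real deployment the manifest would be written to a file by the build and read back at startup, and it only helps if it is stored where the same fault cannot damage it along with the binaries.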