Labels

Mobile Apps (5)

Wednesday, July 4, 2007

How Strong Names secures Shared assemblies.

Target Readers : Who are new to the ‘Shared Assemblies’. [Otherwise Skip]

Strong names:-

    • A strong name is a name that guarantees an Assembly Identity.
    • Consists of information about the assembly, such as its
      • name,
      • version number,
      • any culture information, and
      • the public key of a public/private key pair:- This information is encrypted with the private key of the key pair and can be decrypted with the public key of the key pair. Because no one but the developer has access to the private key, the strong name cannot be replicated by anyone but the developer, thereby ensuring the assembly identity.

 

About Key Pair:

 

·         Information is encrypted with the private key and decrypted with the public key of the key pair.

  • The compiler writes the public key to the manifest, and signs the hash of all the files that belong to   Assembly with the private key.
  • The private key is not stored within the assembly.

 

 

Referencing Shared Assemby

 

·         Now during Development when the Client Assembly references the shared assembly, the compiler writes the public key of the referenced assembly to the manifest of the client assembly. 

·         To reduce storage, it is not the public key that is written to the manifest of the client assembly, but a public key token (last eight bytes of public key).

·         At Runtime, during loading of the shared assembly the hash of the shared component assembly can be verified by using the public key stored inside the client assembly.

 

Ensured Security

 

·         In the Client Assembly, because no one has access to the private key, the strong name cannot be replicated by anyone but the developer, thereby ensuring the Assembly Identity.

 

 

 

Thanks & Regards,

Arun Manglick

SMTS || Microsoft Technology Practice || Bridgestone - Tyre Link || Persistent Systems || 3023-6258

 

DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.

Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)