.NET Public Key and Assembly Signing

The CLR uses public keys for two reasons. 1) to uniquely identity the developer of the component and 2) to protect the component from tampering. Assemblies with public keys also has a digital signature. This signature provides a secure hash of the assembly manifest, which themselves contains hashes of all subordinate modules.

Historically the CLR has used RSA public/private keys and Secure Hash Algorithm (SHA) hashing to produce the digital signature.

The private key used to sign the assembly is unique to each developer/organization. Therefore, it must be protected.

There are several benefits to signing your assemblies. Here are a few of them:

  • Strongly named assemblies has a 128-byte public key that uniquely identify the developer of the assembly.
  • Strongly named assemblies cannot be tampered with.
  • Strongly named assemblies might be given special treatment by the CLR.
  • Strongly named assemblies can be configured in code access security based on strong name host evidence.
  • Strongly named assemblies can be put in the global assembly cache (GAC).

It’s worth noting that in .NET configuration files we use something called a public key token instead of the full 128-byte public key. The public key token is an 8-byte hash of the full public key.

In order to create the public/private key pair, you can run the following command:

sn.exe –k publicprivate.snk

You can then reference this key in your C# source code like so:

[assembly: AssemblyKeyFile(“publicprivate.snk”)]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: