This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "CRV2 FrameworkSpecIssuesASPNetStrongAssembiles"
| Line 21: | Line 21: | ||
The Sign Tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. | The Sign Tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. | ||
The Sign Tool is not supported on Microsoft Windows NT, Windows Me, Windows 98, or Windows 95. | The Sign Tool is not supported on Microsoft Windows NT, Windows Me, Windows 98, or Windows 95. | ||
| + | In case you aren't using the "Visual Studio Command Prompt" (Start >> Microsoft Visual Studio 2010 >> Visual Studio Tools >> Visual Studio Command Prompt (2010)) you can locate sn.exe at %ProgramFiles%\Microsoft SDKs\Windows\v7.0A\bin\sn.exe | ||
The following command creates a new, random key pair and stores it in keyPair.snk. | The following command creates a new, random key pair and stores it in keyPair.snk. | ||
Revision as of 01:23, 1 July 2013
Strongly Named assemblies
Creating Strongly Named Assemblies provides a unique identification to an assembly. A unique digital signature is specifically created for it. By default strongly names assemblies can only access other ones. The strong name guarantee its uniqueness because it relies on unique key pairs. Furthermore, it provides a very strong integrity check.
Signing tools
In order to create a Strongly name assembly there are a set of tools and steps that you need to follow
Using Visual Studio
In order to use Visual Studio to create a Strongly Named Assembly, it is necessary to have a copy of the public/private key pair file. Its is also possible to create this pair key in Visual Studio
In Visual Studio 2005, the C#, Visual Basic, and Visual J# integrated development environments (IDEs) allow you to generate key pairs and sign assemblies without the need to create a key pair using Sn.exe(Strong Name Tool). These IDEs have a Signing tab in the Project Designer. . The use of the AssemblyKeyFileAttribute to identify key file pairs has been made obsolete in Visual Studio 2005.
The following figure ilustrates the process done by the compiler
Using Strong Name tool
The Sign Tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. The Sign Tool is not supported on Microsoft Windows NT, Windows Me, Windows 98, or Windows 95. In case you aren't using the "Visual Studio Command Prompt" (Start >> Microsoft Visual Studio 2010 >> Visual Studio Tools >> Visual Studio Command Prompt (2010)) you can locate sn.exe at %ProgramFiles%\Microsoft SDKs\Windows\v7.0A\bin\sn.exe
The following command creates a new, random key pair and stores it in keyPair.snk.
sn -k keyPair.snk
The following command stores the key in keyPair.snk in the container MyContainer in the strong name CSP.
sn -i keyPair.snk MyContainer
The following command extracts the public key from keyPair.snk and stores it in publicKey.snk.
sn -p keyPair.snk publicKey.snk
The following command displays the public key and the token for the public key contained in publicKey.snk.
sn -tp publicKey.snk
The following command verifies the assembly MyAsm.dll.
sn -v MyAsm.dll
The following command deletes MyContainer from the default CSP.
sn -d MyContainer
