This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "CRV2 FrameworkSpecIssuesASPNetStrongAssembiles"
| Line 1: | Line 1: | ||
| − | Strongly Named assemblies | + | =Strongly Named assemblies= |
Creating Strongly Named Assemblies provides a unique identification to an assembly. A unique digital signature is specifically created for it. By default strongly names assemblies can only access other ones. | Creating Strongly Named Assemblies provides a unique identification to an assembly. A unique digital signature is specifically created for it. By default strongly names assemblies can only access other ones. | ||
| Line 19: | Line 19: | ||
===Using Strong Name tool=== | ===Using Strong Name tool=== | ||
| + | The Sign Tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. | ||
| + | The Sign Tool is not supported on Microsoft Windows NT, Windows Me, Windows 98, or Windows 95. | ||
| + | |||
| + | The following command creates a new, random key pair and stores it in keyPair.snk. | ||
| + | sn -k keyPair.snk | ||
| + | The following command stores the key in keyPair.snk in the container MyContainer in the strong name CSP. | ||
| + | sn -i keyPair.snk MyContainer | ||
| + | The following command extracts the public key from keyPair.snk and stores it in publicKey.snk. | ||
| + | sn -p keyPair.snk publicKey.snk | ||
| + | The following command displays the public key and the token for the public key contained in publicKey.snk. | ||
| + | sn -tp publicKey.snk | ||
| + | The following command verifies the assembly MyAsm.dll. | ||
| + | sn -v MyAsm.dll | ||
| + | The following command deletes MyContainer from the default CSP. | ||
| + | sn -d MyContainer | ||
| + | See Also | ||
===Using the Assembly Linker(AI.exe)=== | ===Using the Assembly Linker(AI.exe)=== | ||
Revision as of 01:16, 1 July 2013
Strongly Named assemblies
Creating Strongly Named Assemblies provides a unique identification to an assembly. A unique digital signature is specifically created for it. By default strongly names assemblies can only access other ones. The strong name guarantee its uniqueness because it relies on unique key pairs. Furthermore, it provides a very strong integrity check.
Signing tools
In order to create a Strongly name assembly there are a set of tools and steps that you need to follow
Using Visual Studio
In order to use Visual Studio to create a Strongly Named Assembly, it is necessary to have a copy of the public/private key pair file. Its is also possible to create this pair key in Visual Studio
In Visual Studio 2005, the C#, Visual Basic, and Visual J# integrated development environments (IDEs) allow you to generate key pairs and sign assemblies without the need to create a key pair using Sn.exe(Strong Name Tool). These IDEs have a Signing tab in the Project Designer. . The use of the AssemblyKeyFileAttribute to identify key file pairs has been made obsolete in Visual Studio 2005.
The following figure ilustrates the process done by the compiler
Using Strong Name tool
The Sign Tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. The Sign Tool is not supported on Microsoft Windows NT, Windows Me, Windows 98, or Windows 95.
The following command creates a new, random key pair and stores it in keyPair.snk. sn -k keyPair.snk The following command stores the key in keyPair.snk in the container MyContainer in the strong name CSP. sn -i keyPair.snk MyContainer The following command extracts the public key from keyPair.snk and stores it in publicKey.snk. sn -p keyPair.snk publicKey.snk The following command displays the public key and the token for the public key contained in publicKey.snk. sn -tp publicKey.snk The following command verifies the assembly MyAsm.dll. sn -v MyAsm.dll The following command deletes MyContainer from the default CSP. sn -d MyContainer See Also
