Friday, January 25, 2008

Strong Naming and Delay Signing Of Assemblies: Part One


Strong Naming Of An Assembly:

Strong naming an assembly provides integrity: it prevents a third party from spoofing your code. The .NET Framework uses strong names to identify assemblies and to protect them from tampering, verifying the signature either when the assembly is loaded or when it is installed in the GAC. However, a strong name signature does not contain any reliable information about the publisher, so you should trust only keys that are under your control, and you have to keep those keys secure. If the keys come from another organization, you need a secure channel for obtaining its public key.
Strong naming uses digital signatures to verify the integrity of an assembly's data. Before going into detail, it helps to understand digital signatures and how they are used to verify the integrity of data being passed.

Digital Signatures:

Digital signatures are used to verify the integrity of data being passed from the originator (the signer) to a recipient (the verifier). The signatures are generated and verified using public key cryptography. The signer of a message has a pair of cryptographic keys: a public key, which everyone in the world knows, and a private key, which is kept secret by the signer. Before going into detail, you need to understand a few other cryptographic concepts, such as hashing and public key cryptography.
Hashing: Hashing is the transformation of a string of characters into a usually shorter, fixed-length value, called the hash value, that represents the original string. Hashing is a one-way street: you can't recover the original data from the hash value once it has been computed. In practice, different values don't produce the same hash, so if two inputs produce the same hash value, you can assume that the inputs are the same.
Data (can be anything, here it is .dll ) => Hash Function (like SHA1) => Hash value (fixed in length)

[Figure: Hashing]


So, with this hash value you can verify that no one has tampered with the assembly, by comparing the hash generated by the originator with a newly computed hash of the assembly. But how do you prevent someone from tampering with the hash value that was generated by the originator? That's where digital signing, or digital signatures, comes in. Using public key cryptography, this hash can be protected from tampering.
Public Key Cryptography: Public key cryptography involves a key pair. A key pair consists of two keys that are mathematically related, but knowledge of one key does not allow someone to easily determine the other key. If one key is used to encrypt the plaintext, then only the other, corresponding key can be used to decrypt the ciphertext. In simple words, if the public key is used to encrypt the data, then it can be decrypted only with the corresponding private key. Similarly, if the private key is used to encrypt the data, then it can be decrypted only with the corresponding public key. Here, the originator distributes the public key to all of the receivers. For more information:
An Overview of Cryptography

Digital Signing

So, now the originator computes a hash of the data and encrypts that hash with his private key. The verifier decrypts that encrypted hash with the corresponding public key and compares it with a newly computed hash of the data. This encrypted hash is called a digital signature, and it is appended to the data.

How Does Strong Naming Work?

With strong naming, .NET protects your assembly in the same way as described above. Let us see how it works. First, a hash value of the assembly is calculated, and then it is encrypted with the private key of the signer. This encrypted hash is then placed, along with the public key, in the assembly itself. The CLR validates strong-named assemblies at runtime, or when they are placed in the GAC, by comparing two hash values: the decrypted hash value retrieved from the assembly's digital signature and a newly computed hash of the assembly. If the two are the same, the assembly has not been tampered with and will be loaded.

[Figure: Strong naming]
[Figure: Integrity verification]


What happens if an assembly has been tampered with after it was signed? In this case, the new hash value calculated at runtime won't match the hash value retrieved from the digital signature. Under those circumstances, the CLR will refuse to load the assembly.
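The sign-and-verify flow described above, as an added C# example (not code from the original post, and a model of the scheme rather than the CLR's strong-name implementation). It assumes .NET 5 or later; `StrongNameSketch`, `Signed`, `Sign` and `Verify` are hypothetical names, and the "assembly" is a constructed byte string. Because the signature says nothing reliable about the publisher, the verifier also compares the embedded public key with one it already trusts.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added sketch; all type and method names here are hypothetical, not CLR APIs.
static class StrongNameSketch
{
    // Stand-in for a signed assembly: content plus embedded public key and signature.
    record Signed(byte[] Content, byte[] PublicKey, byte[] Signature);

    // Originator: SHA-1 hash of the content, signed with the private key.
    static Signed Sign(byte[] content, RSA keyPair) =>
        new Signed(content, keyPair.ExportRSAPublicKey(),
            keyPair.SignData(content, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));

    // Verifier: recompute the hash and check the signature with the embedded public key,
    // then require that key to match one obtained through a trusted channel.
    static bool Verify(Signed s, byte[] trustedPublicKey)
    {
        using RSA rsa = RSA.Create();
        rsa.ImportRSAPublicKey(s.PublicKey, out _);
        bool intact = rsa.VerifyData(s.Content, s.Signature,
            HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
        bool trusted = CryptographicOperations.FixedTimeEquals(s.PublicKey, trustedPublicKey);
        return intact && trusted;
    }

    static void Main()
    {
        using RSA publisher = RSA.Create(2048);
        byte[] trusted = publisher.ExportRSAPublicKey();
        byte[] content = Encoding.UTF8.GetBytes("constructed stand-in for assembly bytes");

        Signed original = Sign(content, publisher);
        Console.WriteLine($"unmodified:            {Verify(original, trusted)}");

        // Content changed after signing: the recomputed hash no longer matches.
        byte[] modified = (byte[])content.Clone();
        modified[0] ^= 0xFF;
        Console.WriteLine($"modified, old sig:     {Verify(original with { Content = modified }, trusted)}");

        // Signed again with a different key pair: the signature checks out against the
        // embedded key, but that key is not the one the verifier trusts.
        using RSA other = RSA.Create(2048);
        Console.WriteLine($"modified, foreign key: {Verify(Sign(modified, other), trusted)}");
    }
}
```

Only the first call reports the content as acceptable; the third case is why the public key has to come from a source you trust rather than from the signed file alone.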

What Does a Strong Name Consist Of?

The strong name for an assembly consists of five parts, two of which are optional.

  • The public key that corresponds to the private key used for strong naming
    The public key is an RSA public key derived from the key pair provided while signing.
  • The simple text name of the assembly
    Usually the name of the file (without the extension) that contains the assembly.
  • The version number of the assembly
    A four-part version number, in the form Major.Minor.Build.Revision.
  • The culture code (if any) of the assembly.
  • Optional processor architecture.

All of this information works together to supply a unique identity for each assembly. The CLR uses this information to verify the integrity of an assembly while loading it or placing it in the GAC. When one assembly references a strong-named assembly, the referring assembly captures the strong name information for the referenced assembly. When the .NET Framework loads a strong-named assembly, it verifies the strong name signature. If the strong name signature of the assembly cannot be verified, the .NET Framework will not load the assembly. Strong-named assemblies that are placed in the GAC are not verified each time the .NET Framework loads them, because assemblies in the GAC are verified when they are installed there.
The current implementation of strong names in the .NET Framework relies on the RSA public key algorithm and the SHA-1 hash algorithm. For information on how to create strong naming assemblies and delay signing, please refer to my other posts:

Strong Naming and Delay Signing Of Assemblies: Part Two
Strong Naming and Delay Signing Of Assemblies: Part Three
