Assembly Signing Frequently Asked Questions

  • Article

I come across this wonderful document and I can't help post it here.

Now I don't work in .Net framework security team, so questions will have to go to Shawn's blog (https://blogs.msdn.com/shawnfa).

 

Assembly Signing Frequently Asked Questions

1. Can Assemblies be digitally signed?

Yes. There are two ways to sign an assembly. You can either Authenticode sign an assembly using a digital certificate issued by a certificate authority such as Verisign. You can also sign an assembly using the Strong Name signing technology shipping in the .Net Framework.

 

2. What is a Strong Name?

A strong name consists of the public key portion of the key pair used to sign the assembly with as well as the assembly’s friendly name, version and culture.

 

3. What is the Strong Name Signing Algorithm?

First the assembly’s SHA1 hash value is calculated. The hash value is then signed with the RSA asymmetric cipher using a private key and stored in the assembly’s Strong Name Signature blob. The corresponding RSA public key is also stored in the assembly for later signature verification, along with the assembly’s friendly name, culture and version, comprising the Strong Name of the assembly. The cryptographic strength of Strong Name signatures and Authenticode Signatures is equivalent.

4. Can I sign an assembly both with a Strong Name and an Authenticode Signature?

Yes. .Net Framework Assemblies contain two signature slots – one Authenticode Signature slot and one slot for a Strong Name signature. Since the Authenticode signature algorithm was designed prior to the existence of managed code, the Authenticode signature algorithm will include the Strong Name signature slot in its hash value calculation. The Strong Name signature algorithm, on the other hand, excludes the Authenticode signature slot from its hash value generation. It is therefore important that you sign your assembly with the Strong Name first and only then Authenticode sign your assembly. Otherwise the Authenticode signature will be invalidated when you sign with the Strong Name.

 

 

5. Can I sign an assembly with more than one Strong Name?

No. Assemblies can have only one Strong Name. The Strong Name signature slot in an assembly does not accommodate more than one Strong Name signature. If copies of the same assembly are signed with different Strong Names, from the CLR perspective, separate, although functionally equivalent assemblies result.

6. What is the difference between Strong Name signatures and Authenticode Signatures?

Both Strong Names and Authenticode signatures are a cryptographically strong way to identify a specific software publisher, as well as a means to prevent tampering with an assembly after it has been signed. However, Strong Names do not include in a cryptographically strong way the actual name of the software publisher, while Authenticode signatures do. Strong names only provide you with the key of the signer and therefore only allow you to ascertain that the assembly indeed came from a source that you have already determined to trust based on evidence external to the Strong Name infrastructure. Strong Names also lack the Public Key Infrastructure support available for Authenticode signatures. For instance, there is no trusted third party that associates a Strong Name key pair with a specific physical signer identity, while that is the case for Authenticode. Nor is there a Strong Name key revocation system.

 

7. What tools do I need to use to Strong Name sign an assembly?

The .Net Framework SDK includes a tool called SN.exe which you can use to generate Strong Name key pairs as well as to sign your assemblies with a strong name.

8. What is delay Strong Name signing and when do I need to use it?

In large scale enterprise development scenarios it is advisory to keep the company’s Strong Name key pair protected and inaccessible to most developers. However, code often needs to be signed in order for it to get tested properly. It is thus not possible to keep all code utterly unsigned until code shipment. The .Net Framework offers a compromise, allowing developers to delay sign assemblies, which means that only the public key portion of the Strong Name are written into the assembly image, allowing for later resigning with the full key pair. The public key is also added to a delayed SN signature list by the developer. Any strong name part of this list will not be validated by the .Net Framework.

9. How can I find out an assembly’s strong name?

The below sn tool command will allow you to extract and view an assembly’s strong name.

SN –Tp assemblyname

10. Can I safely base Code Access Security rules on Strong Names?

Yes. Strong Names give you a cryptographically strong way to identify individual assemblies, or all assemblies of a given publisher. It is a common practice to base a Code Access Security trust elevation rule on a strong name identity. Try never to increase trust based on a non-cryptographically strong means of identifying code (such as a URL or zone).

11. Does the .Net Framework infrastructure ever require a Strong Name on an assembly?

Yes. All shared library components installed into the Global Assembly Cache (GAC), must be Strong Name signed.

12. Is there a reason not to sign an assembly both with a Strong Name and an Authenticode signature?

There are no out-of the box restrictions on signing your assembly both with an Authenticode and Strong Name signature. The only drawback of signing with both technologies is that the signing process gets more involved, and that obtaining a valid certificate for Authenticode signatures might be time consuming and costs resources, while SN.exe generates Strong Name keys for free.

13. Can I resign an assembly with a new Strong Name?

Signing with a new strong name  is possible, however it means that all assemblies referencing the resigned assembly will need to be recompiled, since assembly references will take the Strong Name of the referenced assembly into account. The assembly to be re-signed will also need to be recompiled, since compilers emit the public key into the assembly. If  you just want the Strong Name signature (signed hash) to be recomputed without changing the Strong Name because, for instance, the assembly might become corrupted, you can use the –R option on the SN tool.

 

14. When are Strong Name signatures validated?

Generally strong name signatures on assemblies are validated as part of the Common Language Runtime’s assembly loading mechanisms. The current exception are Shared Libraries stored in the Global Assembly Cache (GAC). These assemblies are Strong Name validated upon GAC install time, but not checked upon later use.

15. When are Authenticode Signatures validated?

Authenticode signatures are checked as part of the Common Language Runtime’s assembly loading mechanisms. The same Authenticode checking procedures are used as with unmanaged code.

16. What should I do when my Strong Name private key has been compromised?

Create new Strong Name credentials, resign all assemblies and recompile with the new Strong Name references. Deprecate any Code Access Security policy rules based on the compromised key pair. If the compromised key pair has been used in externally shipping code, contact your customers and publicize the security breach.