A Few Observations about Raw Signatures

  • Article

Finishing up this week's strong name theme, here's a few observations to make about the raw signatures that we figured out how to dump on Wednesday:

  • You can figure out the size of the key used to sign an assembly based upon the size of the signature blob.

Simply multiply the number of bytes in the signature by 8, and you'll arrive at the size of the signing key.  For instance, the signature of mscorlib from v1.1 of the CLR is:

Strong name signature (128 bytes):
25 3a 91 3c 93 58 f5 7c dd 5c 23 da  9 90 89 f4
b5 13 cc 38 2a 33 b1 bb eb 41 18 c4 e9 15 a5 6e
bf ea 9b 6a c4 81 a2  6 21 1e 17 23 d1 8b 19 a4
79 33 97 5f ae c5 ea 22 22 f7 98 86 59 b8 de 19
8e 13 53 7b  e  2 d3 78 ed a6 90 2d 67 23 32 af
a4 c6 45 c7 1a 73 4f a1 ef 6b ff d4 18 9b 29 58
d3 9b 66 bb eb ba 94 ef 44 d4 b0 2b 57 e9 5b  8
a8  f 99 4e 95 79 b3 b8 50 32 be 39 36 78 de 8d

Since its signature is 128 bytes, we know that the key Microsoft uses as its ECMA key is 128 * 8 = 1024 bits in size.  If we use sn to create a 2048 bit key, we'd expect a 2048 / 8 = 256 byte signature, and that's exactly what we get:

Strong name signature (256 bytes):
1f 4d a8 74 12 ed e7 d1 74 4e 9e b6 f5 d3 49 a2
db 3f 74 d6  3 82 d6 4a c8 98 6e 21 54 37 d3 4d
ce bc 8a 61 95 87 6f cf c1 e8 9f e3 58 ae c5 19
98 20 d8 9d  9 d5 f5 7a 41 d1 de 36 33 56 50 66
 3 98 c4 81 d3 96 88 ad 77 e0 60 58 98 6c 23 79
e9 af b7 db a4 6d  e 48 4e 1d 3c 2c 8a f9 5a 96
d0 77 6a  6 eb b7 1d fb 40  6 c6 53  8 da b3 30
72  f a7 b3 99 98 77 23 2e 55 3f  e 94 e0 74 fc
5c 44 d3 5a e9 f2 14 c1 e1 b5 54 60 74  7 3a 2d
20 d2 81 83 55 7a 50 1b d3 61 b5 d7 b2 c6 f0 d4
cf ab fe b6 98 85 ff 91 5e 6e 76 e0 e9 fd c2 fb
13 70 a0 38  5  6 de e9 68 2f 9f b0 c0 dc 16 e8
ff dd 2f 99 a5 fd 76 2c 4e  e 46 7a 7b 1a  1  b
e5 5e bc 7d 3b  2 4e 19 17 f7 79 d4 a9 15 fc 7c
94 65 fc  2 91 b7 b6 37 94 c6 ce de cd 97  8 77
5e fc fe 12 77 4e 7a 7b 94 a7 74 a9 d8 b3  a 59

  • Delay signed assemblies have the same size signature as the signature they would receive if they had been fully signed, however that signature consists entirely of zeros.

That validates what we learned last year about the delay signing process.  Here's an example of a signature blob from a delay signed  assembly:

Strong name signature (128 bytes):
 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0