Prizes & Awards
My Profile
Active Members
TodayLast 7 Days
more...
|
 New Feature: Community Sites:
Create your own .NET community website and start earning from Google AdSense !
It's Free !
|
Strong Naming And Installing Assembly into GAC
|
Introduction
Strong name offers protection for your assemblies. The .NET Framework uses strong names to identify assemblies and to protect them from tampering. with this article, I’m explaining you how strong names are constructed and demonstrate the mechanics of working with strong names in .NET.
Strong Name
A strong name is made up of the full class name including the namespace, the version number, culture information (which can be null if culture neutral), plus a public key and a digital signature.
what is digital signature ?
Before this you have to know a pair of cryptographic concepts: hashing and digital signatures.
Hashing is used to create a unique, compact value for a plaintext message. In terms of assemblies, the message is the assembly itself. The message is used as an input to the hash algorithm (in the case of strong naming, the SHA1 algorithm is used).
Hashing is a one-way street: you can't decrypt the hash value once it has been computed. However, hashing is very useful for comparing values. If two assemblies produce the same hash value, you can assume that the assemblies are the same. Conversely, if hashing an assembly produces a value that doesn't match a previously-calculated hash, you know that something in the assembly has been changed.
Knowing the hash value for an assembly lets you check that no one has tampered with the assembly. But how do you prevent someone from tampering with the hash value? That's where digital signing comes in. While the mathematics of digital signatures are complex, the concept is fairly simple. A digital signature depends on a pair of related numbers, the public key and the private key. When data is encrypted with the public key, it can only be decrypted with the private key (and vice versa).
The combination of hashing and digital signing allows .NET to protect your assemblies from tampering
Creating strong key
The .NET Framework provides a utility to create a key pair (sn.exe). Run the following at a VS.NET command prompt.
C:\>sn -k Customers.snk
The -k option generates the random key pair and saves the key information in the Customers.snk file.
Now your strong key is created in customers.snk file
Add the generated key into current solution. Modify AssemblyKeyFile & version in AssemblyInfo.cs as follows:
[assembly: AssemblyTitle("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("Kst")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCopyright("Re")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyKeyFile(@"C:\customers.snk")]
[assembly: AssemblyKeyName("")]
Delay Signing
You may wish to keep your private key as secret, known only to a few people in the company. But then, how can you handle assembly signing? It would be difficult if you were the only person who knew the private key, and you had to sign every build of every assembly produced by every developer in your company.
To resolve this problem .net comes with delay signing. With delay signing, you can build and test an assembly knowing only the public key. The private key can be applied later if the assembly is actually shipped to customers.
Extract the public key from the public/private key pair. To extract the public key from a file that is storing the public/private key pair, you can use the strong name tool with a slightly different command line
sn.exe -p MyKeyFile.snk MyPublicKeyFile.snk
Include the public key file in your assembly information file, and specify delay signing
[assembly: AssemblyDelaySign(true)]
[assembly: AssemblyKeyFile("..\\MyCustomersPublicKeyFile.snk")]
Turn off verification for the assembly if you're storing the assembly in the GAC. By default, the GAC verifies the strong name of each assembly. If the assembly is not signed by using the private key, this verification fails. So, for development and testing purposes, you can relax this verification for an assembly by issuing the following command:
sn.exe -Vr MyFile.dll
When you're ready to deploy a delay-signed assembly, you need to sign it with your private key:
sn.exe -R MyFile.dll MyKeyFile.snk
Finally, you can instruct the GAC to resume verification for an assembly by issuing the following command:
sn.exe -Vu MyFile.dll
Installing Assembly into the GAC
In order to share a .NET assembly with multiple applications installed on the same machine, it needs to be installed as Shared Assembly in the Global Assembly Cache (GAC).
Before Installing Assembly into GAC u must create strong name for the assembly as explained above.Build your project once after adding strong name to your solution.
From a command prompt, in the same directory where your assembly resides say Customers.dll , run gacutil.exe as below:
gacutil /i Customers.dll
The assembly can now be used from other assemblies on the server, regardless of their physical location
Summary
This article explained how to create strong name and how to install it into GAC
|
Responses
|
| Author: rohit banerjee 16 Mar 2007 | Member Level: Bronze Points : 0 | Good. But the part about strong names needs more clarification
|
|