Browse by Tags

Tagged Content List
  • Blog Post: Strong Name Bypass

    Many managed applications start up slower than they really need to because of time spent verifying their strong name signatures. For most of these applications, the strong name verification isn't buying the application anything - especially fully trusted desktop applications that are using C# as a better...
  • Blog Post: Combining Strong Names with Authenticode

    If you want to use both a strong name and Authenticode signature on your assembly (for instance if you need a strong name for strong assembly identity, and your company has a rule requiring Authenticode signatures on all shipped products), then you need to make sure to do these in a specific order. Strong...
  • Blog Post: Reducing Startup Time Due To Strong Name Verification

    Occasionally we run into a scenario where someone asks about shipping a strong name skip verification entry for their assembly with their product. Generally, their reasoning is that the performance hit of strong name verification is too great for their application. Regardless of the reasoning, you...
  • Blog Post: APTCA and SQL Server 2005

    Last year, I explored the ins and outs of the AllowPartiallyTrustedCallersAttribute . Today, the SQL-CLR blog takes a look at how APTCA affects assemblies hosted in SQL Server 2005 databases -- recommended reading for those dealing with strong names and SQL Server.
  • Blog Post: CLR Inside Out: Using Strong Name Signatures

    Mike Downen , our CLR security PM, wrote the CLR Inside Out column this month in MSDN Magazine on strong name signatures. He covers what strong name signatures are, what they're good for, what they're not good for, delay signing, and test signing. I just noticed that it went online recently; worth checking...
  • Blog Post: Test Signing in Action: IronPython Beta 7

    The IronPython team just announced their v1.0 beta 7 release , which is especially interesting to me because they’ve enabled IronPython to be signed with a test key signature. Beta 7 has four configurations, the standard Release and Debug along with Signed versions of both. If you choose a Signed...
  • Blog Post: Sharing a Strong Name Key File Across Projects

    v2.0 of the .NET Framework deprecated the use of the AssemblyKeyFileAttribute and AssemblyKeyContainerAttribute . Often times, these attributes were used to share a common key file across several projects. If you try to share key files using the Visual Studio 2005 <Browse ...> function on the...
  • Blog Post: What Happens When You Fully Sign a Test Signed Assembly

    When an assembly is test signed , the public key used to verify its signature is different from the public key that makes up part of the assembly identity. So what happens when you take an assembly which is registered as a test signed assembly on your machine and fully sign it? The key here (aren...
  • Blog Post: SN v2.0 Works With PFX Files

    One enhancement to the v2.0 SN tool that may not get noticed right away is that it now has the ability to work with PKCS #12 PFX files in addition to SNK files. The logic here is that a self signed certificate stored in a PFX file is the moral equivalent of an SNK key, except that it gives you the added...
  • Blog Post: Authenticode and Assemblies

    The general concepts of Authenticode signing an assembly are well understood -- they mostly correlate directly to the standard Win32 concept of a signed catalog. However, there are a few places where managed code plays differently, and sometimes these catch people off guard. Authenticode Signatures...
  • Blog Post: Test Key Signing

    One feature that will start to show up on the latest CTP of Whidbey is test key signing -- basically delay signing++. Lets do a quick review of what delay signing is , and then see where test key signing takes over. Recall a delay signed assembly is one which has a public key associated with it, however...
  • Blog Post: Profiling Signed Assemblies

    Ian Huff has an entry today about the problems you'll run into when using Visual Studio Team System to profile assemblies that have a strong name signature . He walks through the steps necessary to cause Visual Studio to resign your assemblies after they have been instrumented by the profiler. It's a...
  • Blog Post: Don't Sign C++/CLI Assemblies with Attributes

    We've already talked about using the /keyfile or /keycontainer switches to sign C# and VB assemblies instead of using the AssemblyKeyFile attribute. When dealing with C++/CLI assemblies, using these switches becomes even more important. The reasoning is that if the attributes are used, the assembly...
  • Blog Post: Trusting Applications with their Strong Name

    Last time I talked about reasons that you might want to strongly name your application's entry point . The most obvious reason is so that you can setup your security policy to increase the level of trust given to that assembly by the default policy. You would do this by signing the entry point exe, and...
  • Blog Post: When to Strongly Name an Application Entry Point

    Junfeng wonders why you might want to strongly name an exe . Sometimes strong naming your exe can be a very useful, but like any feature it's not necessarily always the tool you need for the job. For instance, when running a simple managed .exe off of your local machine, there's probably not much of...
  • Blog Post: The Difference Between the Strong Name Hash and Hash Evidence

    The System.Security.Policy.Hash class allows you to make security decisions based upon the hash of an assembly using the HashMembershipCondition . That sounds awfully similar to how strong names are calculated ... According to ECMA partition II section 6.2.1.3 , a strong name is computed by using RSA...
  • Blog Post: Public Key Tokens

    Time for another visit to the managed strong name API; this time lets take a look at public key tokens. If we want to calculate a token, the strong name API provides two functions that we can use. We've already covered the first, StrongNameTokenFromAssemblyEx , which allows you to extract the token from...
  • Blog Post: A Few Observations about Raw Signatures

    Finishing up this week's strong name theme, here's a few observations to make about the raw signatures that we figured out how to dump on Wednesday : You can figure out the size of the key used to sign an assembly based upon the size of the signature blob. Simply multiply the number of bytes in the signature...
  • Blog Post: Finding the Raw Strong Name Signature

    Wow ... there's been lots of interest in signatures lately :-) In response to my last post about reserving a larger section of the PE file for the signature when you create a signature with a larger key, William wants to know if you can extract the actual signature bytes from the PE file. Absolutely...
  • Blog Post: What Happens When You Sign With A Larger Key

    In response to last Friday's post about creating a key that's longer than 1024 bits, Nicole wondered if anyone had tried doing this, and what the results might be. I just created a 16,384 bit key on beta 1 of the framework (confirming Eugene's time estimate from Friday, this did take just over an hour...
  • Blog Post: Generating Larger Keys with SN

    A while back, I wrote about using the StrongNameKeyGenEx API to generate keys to sign assemblies with. That API lets you pass in a dwKeySize parameter to specify the number of bits to generate in the key. If you're calling the API from your own code, that's great, but what if you're using the sn.exe...
  • Blog Post: How to link to an ActiveX Control from a Strongly Named Assembly

    Windows Forms has a feature that allows you to use an ActiveX control on your managed form. All you have to do is add the control to your toolbox, and VS takes care of the rest behind the scenes. But this feature has a bit of a problem when it comes to strongly named assemblies. The root of the problem...
  • Blog Post: Managed StrongName Refactoring Complete

    I've completed refactoring the Managed StrongName project , and I've uploaded the new sources. The changes I made were all pretty much what I laid out in the previous post. We now have two modules built, msn.exe which is a thin wrapper around MS.StrongName.dll . MS.StrongName.dll contains everything...
  • Blog Post: Refactoring the Managed StrongName Project

    Looking over the Managed StrongName code for today's post, I've become dissatisfied with several things in the current code base, and I think that a bit of refactoring is in store for this project before its next addition. One of the major things is the way that the code is split between the StrongNames...
  • Blog Post: Extracting Public Key Blobs

    (Updated 12/3/04 for code refactoring ) Before letting another two months pass, its time to once again update the managed sn.exe port . Today's update adds three modes, each of which allow extraction of a public key blob from various sources: Flag Description StrongName API -e Extract the public key...
Page 1 of 2 (38 items) 12