strongname | 易学教程

Can strong naming an assembly be used to verify the assembly author?

阅读更多关于 Can strong naming an assembly be used to verify the assembly author?

I have been reading the proper article in MSDN, Strong-Named Assemblies and a related Stack Overflow question, Checking an assembly for a strong name . To which extent can a strong-named assembly be verified to avoid tampering? Is it possible to use strong-naming to verify an assembly author? The first question arises after reading the CSharp411 article .NET Assembly FAQ – Part 3 – Strong Names and Signing , which mentions this, among other problems of using strong names: " Cannot Stop Full Replacement. Strong names cannot prevent a hacker from removing the strong name signature, maliciously

Accessing newly signed third party DLL gives error

阅读更多关于 Accessing newly signed third party DLL gives error

问题 I have a signed application that uses third party DLLs. These DLLs were not signed. - So far no problem for the first step: I just signed them (getting *.il with ildasm.exe, ajust publickeytoken in the *.il 's because they have interdependencies, and made the *.dll's with ilasm.exe) The project now compiles fine and also starts up. But when in my code, a class constructor of the 3rd-party-DLL is called (or something else? - was just the first thing I did), I get the error "Strong-name signed

Could not load file or assembly 'AssemblyName PublicKeyToken=null' or one of its dependencies

阅读更多关于 Could not load file or assembly 'AssemblyName PublicKeyToken=null' or one of its dependencies

问题 {"Could not load file or assembly 'AssemblyName, PublicKeyToken=null' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)":"AssemblyName, PublicKeyToken=null"} I'm getting the message in question as an InnerException.Message while trying to debug my application after signing the unsigned third-party assemblies it is using. The weird thing is that I have already signed the assembly shown in the

How do I find the fully qualified name of an assembly?

阅读更多关于 How do I find the fully qualified name of an assembly?

How do I find out the fully qualified name of my assembly such as: MyNamespace.MyAssembly, version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 I've managed to get my PublicKeyToken using the sn.exe in the SDK, but I'ld like to easily get the full qualified name. If you can load the assembly into a .NET application, you can do: typeof(SomeTypeInTheAssembly).Assembly.FullName If you cannot then you can use ildasm.exe and it will be in there somewhere: ildasm.exe MyAssembly.dll /text This is a shameless copy-paste from I Note It Down and is a simple way to get the FQN for the

.NET OpenSource projects and strong named assemblies?

阅读更多关于 .NET OpenSource projects and strong named assemblies?

问题 I am currently thinking about open-sourcing a project of mine and am in the process of preparing the source code and project structure to be released to the public. Now I got one question: how should I handle the signature key for my assemblies? Should I create a new key for the open-source version and publish it along with the other files to the SVN repository? Should I leave the key out and everyone who wants to compile the code should generate his own key? How do you handle this? I feel a

Checking an assembly for a strong name

阅读更多关于 Checking an assembly for a strong name

问题 Is it possible to check if a dynamically loaded assembly has been signed with a specific strong name? Is it enough / secure to compare the values returned from AssemblyName.GetPublicKey() method? Assembly loaded = Assembly.LoadFile(path); byte[] evidenceKey = loaded.GetName().GetPublicKey(); if (evidenceKey != null) { byte[] internalKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey(); if (evidenceKey.SequenceEqual(internalKey)) { return extension; } } Can't this be spoofed? I am

Is it possible to replace a reference to a strongly-named assembly with a “weak” reference?

阅读更多关于 Is it possible to replace a reference to a strongly-named assembly with a “weak” reference?

问题 I'm writing a .NET tool that requires the SQL Server SMO library. I don't care if it's the version from Server 2005 (9.0), 2008 (10.0) or 2008 R2 (probably 10.5, didn't check). The SMO library is installed together SQL Server, so I can safely assume that on any system with SQL Server installed, some version of the SMO library is available as well. Unfortunately, the SMO libraries are strongly-named: If I add a reference to SMO 9.0 in my project, it will fail ( FileNotFoundException ) if only

What is a .snk for?

阅读更多关于 What is a .snk for?

问题 What is a .snk file for? I know it stands for Strongly Named Key , but all explanations of what it is and how it works goes over my head. Is there any simple explanation on how a strongly named key is used and how it works? 回答1: The .snk file is used to apply a strong name to a .NET assembly. such a strong name consists of a simple text name, version number, and culture information (if provided)—plus a public key and a digital signature. The SNK contains a unique key pair - a private and

How to fix “Referenced assembly does not have a strong name” error?

阅读更多关于 How to fix “Referenced assembly does not have a strong name” error?

I've added a weakly named assembly to my Visual Studio 2005 project (which is strongly named). I'm now getting the error: "Referenced assembly 'xxxxxxxx' does not have a strong name" Do I need to sign this third-party assembly? To avoid this error you could either: Load the assembly dynamically, or Sign the third-party assembly. You will find instructions on signing third-party assemblies in .NET-fu: Signing an Unsigned Assembly (Without Delay Signing) . Signing Third-Party Assemblies The basic principle to sign a thirp-party is to Disassemble the assembly using ildasm.exe and save the

How to force WPF to use resource URIs that use assembly strong name? Argh!

阅读更多关于 How to force WPF to use resource URIs that use assembly strong name? Argh!

问题 O.k, this is really irritating, I had noticed previously that the code generated by WPF for loading XAML resources did not appear to use strong names and therefore may be problematic for scenarios where you need to support side by side versions of WPF assemblies. This has turned out to be the case, and it's now causing me problems - I have a plug-in system which is supposed to support side by side installation of plugins which differ only in their version numbers (their assembly versions).