none
Where is stored value of signed assembly (signature of the assembly)?

    Pregunta

  • Hi

                    I was playing with signing an assembly and it looks fine. I have used hex editor to modify some characters in my assembly and after this I was not able to run the assembly because of broken integrity.

    I got this exception during running:

    Unhandled Exception: System.IO.FileLoadException: Could not load file or assembly 'Test, Version=1.0.0.0, Culture=neutral, PublicKeyToken=eac689d1f9be58e1' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A)

    File name: 'Test, Version=1.0.0.0, Culture=neutral, PublicKeyToken=eac689d1f9be58e1' ---> System.Security.SecurityException: Strong name validation failed. (Exception from HRESULT: 0x8013141A)

    The Zone of the assembly that failed was: MyComputer

     

    My question is:  during compilation I have to use file with privet key. This key is needed to compile the assembly. Where is stored value of signed assembly (signature of the assembly)?

    Public Key Token is some hash value computed from the public key and it is not related at all with content of the assembly. So how .NET can know that assembly has been modified?

    I think somewhere in an assembly is stored signature of the assembly. Probably the signature is encrypted (by private key) hash of the assembly data. .NET during running the assembly computes hash of the assembly data and compares this with decrypted hash (signature). If values are the same everything is fine. Am I right? But where is stored the signature of the assembly? Using ILDASM I cannot find this.

    Regards


    kicaj
    • Editado kicaj jueves, 20 de octubre de 2011 6:21
    jueves, 20 de octubre de 2011 6:14

Respuestas

  • If you do that, your assembly will have different identity (public key is part of the identity) and all binds to the original assembly will fail to bind to your tampered file.

    Technically speaking by doing what you propose you make a copy of the code and create its copy with different name (i.e. identity).

    -Karel

    • Marcado como respuesta kicaj domingo, 23 de octubre de 2011 15:37
    viernes, 21 de octubre de 2011 20:10
    Moderador

Todas las respuestas

  • Eric Lippert gave a good explanation on the topic here.
    Click the 'Vote as Helpful' arrow if this post was helpful.
    jueves, 20 de octubre de 2011 8:48
  • I have read the post but they did not explain where is stored signature/evidence of the assembly.

    So I still do not understand how CLR can know that assembly data has been modified.

     


    kicaj
    jueves, 20 de octubre de 2011 9:37
  • This is what I know:

    When a key file is generated, it contains both Private and Public keys in the SNK file. When an assembly is signed using this key file, a hash of all the files in the assembly is generated and encrypted using the private key (taken from the key file). The public key is included in the assembly itself but NOT the private key.

    Now at the receivers end i.e. when you include the signed assembly in VS, the public key is gotten from the assembly and the encrypted hash is decrypted to say DH. A full hash is then generated for the assembly data (note that the assembly data was not encrypted only the hash was encrypted using the private key) and compared with DH. If it matches then it means the assembly is not tampered with.

    This Wikipedia article (and diagram) will make it clear.


    Click the 'Vote as Helpful' arrow if this post was helpful.
    jueves, 20 de octubre de 2011 9:52
  • Ok so encrypted hash is stored in an assembly?

    How can I display this encrypted hash?


    kicaj
    jueves, 20 de octubre de 2011 10:17
  • sn -T assemblyname

    It can also be found in Fully Qualified Assembly Name.


    Click the 'Vote as Helpful' arrow if this post was helpful.
    jueves, 20 de octubre de 2011 10:35
  • Hi,

    This might help. Actually it might not.

    http://msdn.microsoft.com/en-us/library/system.security.policy.hash.aspx

    I have seen code that extracts out the signature.... I'm trying to find it.

     


    "The programmer, like the poet, works only slightly removed from pure thought-stuff. He builds his castles in the air, from air, creating by exertion of the imagination." - Fred Brooks

    • Editado Derek Smyth jueves, 20 de octubre de 2011 10:52
    jueves, 20 de octubre de 2011 10:49
  • sn -T displayes public key token.

    Public Key Token is a hash value computed from public key and it is not related at all with assembly data.

    Sample:

    sn -T test.exe

    Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30319.1
    Copyright (c) Microsoft Corporation.  All rights reserved.

    Public key token is eac689d1f9be58e1

    I want display encrypted hash value of assembly data - this is my problem.


    kicaj
    jueves, 20 de octubre de 2011 11:03
  • Hi, yes I knew what you were asking for, no need to bold, and thought that the code I have seen produced it; but turns out it didn't. I am exploring other avenues as I am interested from my own point of view.
    "The programmer, like the poet, works only slightly removed from pure thought-stuff. He builds his castles in the air, from air, creating by exertion of the imagination." - Fred Brooks
    jueves, 20 de octubre de 2011 12:38
  • I don't know about a tool that would show you the encrypted hash in assembly. It is not needed, so that's why there is none. (If you really really want to know, you can always use CLI ECMA spec, pedump/dumpbin or binary editor/viewer, but you really do not need it in your case.)

    If you want to verify if your assembly is correctly signed, use sn.exe tool (check out -v[f] option).

    I would recommend these steps:

    • Check that the right copy of assembly is used (ProcMon might be useful).
    • Check that the assembly is not correctly signed.
    • Find who produced the assembly.
    • Check if delay signing or test signing is enabled.
    • Check if you are using the right key file.

    -Karel

    jueves, 20 de octubre de 2011 15:55
    Moderador
  • I am curious how safe is signing an assembly.

    Because if everything is kept in an assembly then I can just do this:

     

    1. Modify an assembly in some hex editor (simple example is change text in some message box).
    2. Compute hash of the assembly data and sign this hash with new privet key.
    3. Change public key in the assembly (to new one) and encrypted hash to new encrypted hash value.

     

    In this scenario CLR is not able to figure out that the assembly has been tampered.


    kicaj
    viernes, 21 de octubre de 2011 6:39
  • If you do that, your assembly will have different identity (public key is part of the identity) and all binds to the original assembly will fail to bind to your tampered file.

    Technically speaking by doing what you propose you make a copy of the code and create its copy with different name (i.e. identity).

    -Karel

    • Marcado como respuesta kicaj domingo, 23 de octubre de 2011 15:37
    viernes, 21 de octubre de 2011 20:10
    Moderador