none
Verification of Calling Assembly RRS feed

  • Question

  • Hi,

     

    i want to ensure that using a method like "Encrypt()" in Assembly "crypter.dll" only returns the correct results if called from authorized programs/assemblies.

    In detail i want to set up the following:

     

    main.dll --> main assembly written in c# .NET containing all main application code

    crypter.dll --> cryptographic assembly written in visual c++ to provide special cryptographic routines

     

    Now i want ensure that only main.dll can p/invoke the methods provided by crypter.dll. I know strong names but by my understanding how they work

    is that it's only a check if crypter.dll is equal to that version/public token which is referenced in main.dll.

     

    Can i do some reflection from c++ to verify the public token/strong name of the main.dll calling method "MyCrypt()" and supply wrong data if called from third party assembly "3rdparty.dll"?

     

    please let me know if i missed some mechanisms that already exist to do such things.

    thanks

     

    Friday, October 29, 2010 6:51 AM

All replies

  • Provided you are the author of crypter.dll source code,

     

    Instead of making Encrypt() and Decrypt() (or any other methods you want to hide from others but main.dll) public , you can make them internal.

    Then you can go and supply main.dll in the InternalsVisibleTo attribute in crypter.dll assembly info to make internal methods visible to main.dll code.

    Of course this will make all internal classes and methods visible to main.dll too.  Also beware of restrictions it will bring (like both assemblies should be either signed or unsigned)

     

    Hope it helps

     

    Thursday, December 30, 2010 3:06 PM