Prev: Export to Excel truncates numbers
Next: Microsoft Plus Superpack - Alarm Clock
From: Scott M. on 13 Jul 2008 20:06
How does the .NET assembly loader decrypt a strong-named assembly's
compile-time hash when the private key was used to encrypt the hash in the
first place and at runtime, the loader won't have access to the private key?



From: Jeroen Mostert on 13 Jul 2008 20:39
Scott M. wrote:
> How does the .NET assembly loader decrypt a strong-named assembly's
> compile-time hash when the private key was used to encrypt the hash in the
> first place and at runtime, the loader won't have access to the private key?
>
This is the whole idea behind public-key cryptography
(http://en.wikipedia.org/wiki/Public-key_cryptography).

The hash is signed with the private key, which only the signer knows. The
result can subsequently be decrypted with the public key, which everyone
knows (in this case, because you supply the public key, or rather the public
key token, as part of the assembly's strong name). Because it's not possible
to derive the private key from the public key, an attacker can't spoof
signatures.

See http://msdn.microsoft.com/magazine/cc163583 for more information on
strong names in particular.

--
J.
 | 
Pages: 1
Prev: Export to Excel truncates numbers
Next: Microsoft Plus Superpack - Alarm Clock