About strong name

zhaozj2021-02-16  103

Generating a key with Sn.exe at the command line

The Strong Name tool (Sn.exe) helps sign assemblies with strong names. Sn.exe provides options for key management, signature generation, and signature verification.

sn [-quiet] [option [parameter(s)]]

Option description

-c [csp] Sets the default cryptographic service provider (CSP) to use for strong name signing. This setting applies to the entire computer. If you do not specify a CSP name, Sn.exe clears the current setting.

-d container Deletes the specified key container from the strong name CSP.

-D assembly1 assembly2 Verifies that two assemblies differ only by signature. This is often used as a check after an assembly has been re-signed with a different key pair.

-e assembly outfile Extracts the public key from assembly and stores it in outfile.

-h Displays the command syntax and options for this tool.

-i infile container Installs the key pair from infile in the specified key container. The key container resides in the strong name CSP.

-k outfile Generates a new key pair and writes it to the specified file.

-m [y | n] Specifies whether key containers are computer-specific or user-specific. If you specify y, key containers are computer-specific. If you specify n, key containers are user-specific.

If neither y nor n is specified, this option displays the current setting.

-o infile [outfile] Extracts the public key from infile and stores it in a .csv file. A comma separates each byte of the public key. This format is useful for hard-coding references to keys as initialized arrays in source code. If you do not specify outfile, this option places the output on the Clipboard.

-p infile outfile Extracts the public key from the key pair in infile and stores it in outfile. This public key can be used to delay sign an assembly using the /delaysign and /keyfile options of the Assembly Linker (Al.exe). When an assembly is delay signed, only the public key is set at compile time, and the signature is added later, when the private key is known.

-pc container outfile Extracts the public key from the key pair in container and stores it in outfile.

-q[uiet] Specifies quiet mode; suppresses the display of success messages.

-R assembly infile Re-signs a previously signed or delay-signed assembly with the key pair in infile.

-Rc assembly container Re-signs a previously signed or delay-signed assembly with the key pair in container.

-t[p] infile Displays the token for the public key stored in infile. The contents of infile must be a previously generated public key.

Sn.exe computes the token by applying a hash function to the public key. To save space, the common language runtime stores public key tokens in the manifest as part of a reference to another assembly when it records a dependency on an assembly that has a strong name. The -tp option displays the public key in addition to the token.

-T[p] assembly Displays the public key token for assembly. The assembly argument must be the name of a file that contains an assembly manifest.

Sn.exe computes the token by applying a hash function to the public key. To save space, the common language runtime stores public key tokens in the manifest as part of a reference to another assembly when it records a dependency on an assembly that has a strong name. The -Tp option displays the public key in addition to the token.

-v assembly Verifies the strong name in assembly, where assembly is the name of a file that contains an assembly manifest.

-vf assembly Verifies the strong name in assembly. Unlike the -v option, -vf forces verification even if it has been disabled using the -Vr option.

-Vl Lists the current settings for strong name verification on this computer.

-Vr assembly [userlist] [infile] Registers assembly for verification skipping. Optionally, you can specify a comma-separated list of user names. If you specify infile, verification remains enabled, but the public key in infile is used in verification operations. You can specify assembly in the form *,strongName to register all assemblies with the specified strong name. For strongName, specify the string of hexadecimal digits that represents the tokenized form of the public key. See the -t and -T options to display the public key token.

Warning: Use this option only during development. Adding an assembly to the skip verification list creates a security vulnerability. A malicious assembly can use the fully specified assembly name (assembly name, version, culture, and public key token) of an assembly on the skip verification list to fake its identity. This allows the malicious assembly to skip verification as well.

-Vu assembly Unregisters assembly for verification skipping. The same assembly naming rules that apply to -Vr also apply to -Vu.

-Vx Removes all verification-skipping entries.

-? Displays the command syntax and options for this tool.

Note All Sn.exe options are case-sensitive and must be typed exactly as shown to be recognized by the tool.

Note

The -R and -Rc options are useful with assemblies that have been delay signed. In this scenario, only the public key is set at compile time, and signing is performed later, when the private key is known.

Examples

The following command creates a new random key pair and stores it in keyPair.snk.

sn -k keyPair.snk

The following command stores the key in keyPair.snk in the container MyContainer in the strong name CSP.

sn -i keyPair.snk MyContainer

The following command extracts the public key from keyPair.snk and stores it in publicKey.snk.

sn -p keyPair.snk publicKey.snk

The following command verifies the assembly MyAsm.dll.

sn -v MyAsm.dll

The following command deletes MyContainer from the default CSP.

sn -d MyContainer
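The -t and -T descriptions above say only that the token is a hash of the public key, and -Vr accepts entries of the form *,strongName built from that token. The following added example (not part of the original page or of Sn.exe) computes the token from a public key file and checks whether a skip entry covers it. It assumes the standard strong name layout, which the page does not spell out: a 12-byte header (signature algorithm, hash algorithm, key length) followed by the key, with the token being the last 8 bytes of the SHA-1 hash, reversed. All function names and the sample RSA blob are constructed for illustration.

```python
import hashlib
import struct

# ECMA-335 standard public key (16 bytes), used by the .NET Framework core libraries.
ECMA_KEY = bytes.fromhex("00000000000000000400000000000000")

def parse_public_key_blob(blob: bytes) -> dict:
    """Split a strong name public key blob into header fields and key bytes."""
    if len(blob) < 12:
        raise ValueError("too short for a public key blob header")
    sig_alg, hash_alg, cb_key = struct.unpack_from("<III", blob, 0)
    if cb_key != len(blob) - 12:
        # A key pair file (sn -k output) has no 12-byte header, so it fails here.
        raise ValueError("length field mismatch: not a public key blob")
    return {"sig_alg": sig_alg, "hash_alg": hash_alg, "key": blob[12:]}

def public_key_token(blob: bytes) -> str:
    """Token = last 8 bytes of SHA-1(public key blob), byte order reversed."""
    parse_public_key_blob(blob)  # reject anything that is not a public key blob
    digest = hashlib.sha1(blob).digest()
    return digest[-8:][::-1].hex()

def build_sample_rsa_blob(modulus: bytes) -> bytes:
    """Constructed sample: wrap a dummy RSA modulus in the public key layout."""
    # PUBLICKEYSTRUC: bType=PUBLICKEYBLOB, bVersion=2, reserved, CALG_RSA_SIGN
    pubkeystruc = struct.pack("<BBHI", 0x06, 0x02, 0, 0x00002400)
    rsapubkey = b"RSA1" + struct.pack("<II", len(modulus) * 8, 65537)
    key = pubkeystruc + rsapubkey + modulus
    # Header: CALG_RSA_SIGN, CALG_SHA1, length of the key that follows
    return struct.pack("<III", 0x00002400, 0x00008004, len(key)) + key

def matches_skip_entry(blob: bytes, entry: str) -> bool:
    """True if a '*,token' verification-skip entry covers this public key."""
    name, _, token = entry.partition(",")
    return name.strip() == "*" and token.strip().lower() == public_key_token(blob)

if __name__ == "__main__":
    sample = build_sample_rsa_blob(bytes(range(128)))  # dummy modulus, not a real key
    print("ECMA key token:  ", public_key_token(ECMA_KEY))
    print("sample key token:", public_key_token(sample))
    print("covered by skip: ", matches_skip_entry(ECMA_KEY, "*,b77a5c561934e089"))
```

Passing a key pair file instead of a public key file raises ValueError, which mirrors the requirement that -t be given a public key.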

A strong name consists of the assembly's identity (its simple text name, version number, and culture information, if provided) plus a public key and a digital signature. It is generated from the assembly file (the file that contains the assembly manifest, which in turn contains the names and hashes of all the files that make up the assembly), using the corresponding private key. Microsoft Visual Studio .NET and other development tools provided in the .NET Framework SDK can assign strong names to an assembly. Assemblies with the same strong name are expected to be identical.

By signing an assembly with a strong name, you can ensure that its name is globally unique. In particular, strong names satisfy the following requirements:

Strong names guarantee name uniqueness by relying on unique key pairs. No one can generate the same assembly name that you can, because an assembly generated with one private key has a different name than an assembly generated with another private key.

Strong names protect the version lineage of an assembly. A strong name ensures that no one can produce a subsequent version of your assembly. Users can be sure that the version of the assembly they are loading comes from the same publisher that created the version the application was built with.

Strong names provide a strong integrity check. Passing the .NET Framework security checks guarantees that the contents of the assembly have not been changed since it was built. Note, however, that strong names in and of themselves do not imply a level of trust such as that provided by a digital signature and supporting certificate.

When you reference a strong-named assembly, you expect to get certain benefits, such as versioning and naming protection. If the strong-named assembly then references an assembly with a simple name, which does not have these benefits, you lose the benefits of using a strong-named assembly and are back to DLL conflicts. Therefore, strong-named assemblies can only reference other strong-named assemblies.
