Protect our code security

xiaoxiao2021-03-06  159

Code Access Security (CAS) is provided by the .NET platform. Classes that inherit from CodeAccessPermission let you implement code security controls of different kinds and at different scopes. This article uses the StrongNameIdentityPermissionAttribute class, which lets you bind a component (or a class or method) to a strong name (usually the strong name you use when you publish your programs), so that only client programs signed with that strong name can use your component. In other words, third-party code cannot pass the StrongNameIdentityPermissionAttribute check unless it is client code you signed with the same key, and therefore it cannot maliciously call your component.

For simplicity, create a very simple Class Library project with the following code:

    // SecureComp.dll
    using System;

    namespace MUSICLAND
    {
        // Component we want to restrict to callers signed with our key.
        public class SecureComp
        {
            public string Confidential()
            {
                return "this is confidential!";
            }
        }
    }

At this point anyone can write code that calls it. Now to the main topic.

First, import the System.Security.Permissions namespace:

    using System.Security.Permissions;

Then add the StrongNameIdentityPermissionAttribute attribute at the assembly level:

    // PublicKey is the hex string of the public key extracted from your key file.
    [assembly: StrongNameIdentityPermissionAttribute(SecurityAction.RequestMinimum,
        PublicKey = "002400000480000094000000000000000000000000000000000000000000000000-20100010001000000000000000000000020000002" +
        "283259f23d645358d65812b69136846b03a7d15124545fc3ed27d89d1330cceda4232c7bc6e8a0e7ecd857f8" +
        "126D0859E2300237B3CAB6F7737A92F585CBF2AFB4B475C537703EFB96E17E5921FF00C6E022B22F3D772F14" +
        "6A3A5C7F6CCAD3131B8D0465E6709E5A28CC3CA1C8B610AF4162C1A18C0FEB8E6993AB1")]

    namespace MUSICLAND

    ...

Note that SecurityAction.RequestMinimum is used here. It declares that the permission indicated by StrongNameIdentityPermissionAttribute is the minimum required to access the resource (here, SecureComp.dll is the resource); otherwise the CLR will not allow the caller (that is, the client code) to access the requested resource. In addition, the hexadecimal form of the public key (converted to a string) is assigned to the PublicKey property. At run time the CLR uses this value to decide whether the caller is legitimate: unless the caller was signed with the corresponding private key, it cannot gain access. This is why you must always protect your key file, because a leaked key file (especially the private key) becomes the root of endless nightmares, and delay signing becomes all the more important here.

Where does this long PublicKey string come from? You can extract the public key with the sn.exe tool. Open a command line, change to the directory that contains the key file, and enter the following:

    sn -p key.snk publickey.snk

The extracted public key is now stored in the publickey.snk file. All that remains is to read the public key and convert it into a suitable format. You can use the Secutil.exe tool that ships with the .NET Framework, but as far as I know, the output of Secutil is in array format (I tried all the output options Secutil offers on my own machine, and the results were the same).

Now your code is protected. Try writing a console client that calls SecureComp: the result is an error saying the appropriate permission could not be obtained. Sign the client program with key.snk and try again, and the call succeeds.
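The conversion step described above (reading publickey.snk and producing the hex string for PublicKey), as an added example in Python that is not part of the original article. It goes slightly further than the text: it rejects a key pair file passed by mistake, so the private key never ends up in source code, and it reports the public key token. It assumes the standard sn.exe public key blob layout; the function names and the sample blob are constructed for illustration.

```python
import hashlib
import struct
import sys

# Constructed sample: a well-formed header followed by a dummy 1024-bit
# modulus. It is NOT a real key and not the key shown in the article.
SAMPLE_BLOB = (
    struct.pack("<III", 0x2400, 0x8004, 148)        # SigAlgID, HashAlgID, cbPublicKey
    + struct.pack("<BBHI", 0x06, 0x02, 0, 0x2400)   # BLOBHEADER: PUBLICKEYBLOB
    + struct.pack("<4sII", b"RSA1", 1024, 65537)    # RSAPUBKEY: magic, bits, exponent
    + bytes(range(128))                             # dummy modulus
)


def parse_public_key_blob(blob: bytes) -> dict:
    """Validate the output of `sn -p` and return its hex form and token."""
    # A key pair file (key.snk) starts directly with a PRIVATEKEYBLOB header.
    if len(blob) >= 12 and blob[0] == 0x07 and blob[8:12] == b"RSA2":
        raise ValueError("private key pair file; use the sn -p output instead")
    if len(blob) < 32:
        raise ValueError("too short to be a public key blob")
    _sig_alg, _hash_alg, cb_key = struct.unpack_from("<III", blob, 0)
    blob_type, _version, _reserved, _key_alg = struct.unpack_from("<BBHI", blob, 12)
    magic, bits, _exponent = struct.unpack_from("<4sII", blob, 20)
    if blob_type != 0x06 or magic != b"RSA1":
        raise ValueError("not an RSA public key blob")
    if cb_key != len(blob) - 12 or cb_key != 20 + bits // 8:
        raise ValueError("length fields do not match the file size")
    # Public key token: last 8 bytes of the SHA-1 of the blob, reversed.
    token = hashlib.sha1(blob).digest()[-8:][::-1].hex()
    return {"bits": bits, "hex": blob.hex(), "token": token}


def as_attribute_literal(hex_key: str, width: int = 64) -> str:
    """Split the hex string into concatenated C# string literals."""
    chunks = [hex_key[i:i + width] for i in range(0, len(hex_key), width)]
    return " +\n".join(f'    "{chunk}"' for chunk in chunks)


if __name__ == "__main__":
    # Pass the path of publickey.snk; without an argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    info = parse_public_key_blob(data)
    print(f"// {info['bits']}-bit key, public key token {info['token']}")
    print("PublicKey =\n" + as_attribute_literal(info["hex"]))
```

The printed token can be compared with the one sn.exe reports for the same public key file before the string is pasted into the attribute.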
