Creating and Using Strong-Named Assemblies
A strong name consists of the assembly's identity—its simple text name, version number, and culture information (if provided)—plus a public key and a digital signature. It is generated from an assembly file using the corresponding private key. (The assembly file contains the assembly manifest, which contains the names and hashes of all the files that make up the assembly.)
A strong-named assembly can only use types from other strong-named assemblies. Otherwise, the security of the strong-named assembly would be compromised.
This overview contains the following sections:
The following scenario outlines the process of signing an assembly with a strong name and later referencing it by that name.
Assembly A is created with a strong name using one of the following methods:
Using a development environment that supports creating strong names, such as Visual Studio 2005.
Creating a cryptographic key pair using the Strong Name tool (Sn.exe) and assigning that key pair to the assembly using either a command-line compiler or the Assembly Linker (Al.exe). The Windows Software Development Kit (SDK) provides both Sn.exe and Al.exe.
The development environment or tool signs the hash of the file containing the assembly's manifest with the developer's private key. This digital signature is stored in the portable executable (PE) file that contains Assembly A's manifest.
Assembly B is a consumer of Assembly A. The reference section of Assembly B's manifest includes a token that represents Assembly A's public key. A token is a portion of the full public key and is used rather than the key itself to save space.
The common language runtime verifies the strong name signature when the assembly is placed in the global assembly cache. When binding by strong name at run time, the common language runtime compares the key stored in Assembly B's manifest with the key used to generate the strong name for Assembly A. If the .NET Framework security checks pass and the bind succeeds, Assembly B has a guarantee that Assembly A's bits have not been tampered with and that these bits actually come from the developers of Assembly A.
This scenario does not address trust issues. Assemblies can carry full Microsoft Authenticode signatures in addition to a strong name. Authenticode signatures include a certificate that establishes trust. It is important to note that strong names do not require code to be signed in this way. In fact, the keys used to generate the strong name signature do not have to be the same keys used to generate an Authenticode signature.
Starting with the .NET Framework 3.5 Service Pack 1, strong-name signatures are not validated when an assembly is loaded into a full-trust application domain, such as the default application domain for the
MyComputer zone. This is referred to as the strong-name bypass feature. In a full-trust environment, demands for StrongNameIdentityPermission always succeed for signed, full-trust assemblies, regardless of their signature. The strong-name bypass feature avoids the unnecessary overhead of strong-name signature verification of full-trust assemblies in this situation, allowing the assemblies to load faster.
The bypass feature applies to any assembly that is signed with a strong name and that has the following characteristics:
Fully trusted without StrongName evidence (for example, has
Loaded into a fully trusted AppDomain.
This feature can be disabled for individual applications or for a computer. See How to: Disable the Strong-Name Bypass Feature.
|How to: Create a Public-Private Key Pair||Describes how to create a cryptographic key pair for signing an assembly.|
|How to: Sign an Assembly with a Strong Name||Describes how to create a strong-named assembly.|
|Enhanced Strong Naming||Describes enhancements to strong-names in the .NET Framework 4.5.|
|How to: Reference a Strong-Named Assembly||Describes how to reference types or resources in a strong-named assembly at compile time or run time.|
|How to: Disable the Strong-Name Bypass Feature||Describes how to disable the feature that bypasses the validation of strong-name signatures. This feature can be disabled for all or for specific applications.|
|Creating Assemblies||Provides an overview of single-file and multifile assemblies.|
|NIB: How to: Delay Sign an Assembly (Visual Studio)||Explains how to sign an assembly with a strong name after the assembly has been created.|
|Sn.exe (Strong Name Tool)||Describes the tool included in the .NET Framework that helps create assemblies with strong names. This tool provides options for key management, signature generation, and signature verification.|
|Al.exe (Assembly Linker)||Describes the tool included in the .NET Framework that generates a file that has an assembly manifest from modules or resource files.|