Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Security » StrongName   (RSS)
Wednesday, May 14, 2008 9:09 AM

Strong Name Bypass

Many managed applications start up slower than they really need to because of time spent verifying their strong name signatures. For most of these applications, the strong name verification isn't buying the application anything - especially fully trusted
Posted by shawnfa | 0 Comments
Filed under: , ,
Wednesday, January 10, 2007 10:32 AM

Combining Strong Names with Authenticode

If you want to use both a strong name and Authenticode signature on your assembly (for instance if you need a strong name for strong assembly identity, and your company has a rule requiring Authenticode signatures on all shipped products), then you need
Posted by shawnfa | 6 Comments
Friday, June 23, 2006 12:15 PM

Reducing Startup Time Due To Strong Name Verification

Occasionally we run into a scenario where someone asks about shipping a strong name skip verification entry for their assembly with their product. Generally, their reasoning is that the performance hit of strong name verification is too great for their
Posted by shawnfa | 6 Comments
Filed under: ,
Friday, June 23, 2006 11:41 AM

APTCA and SQL Server 2005

Last year, I explored the ins and outs of the AllowPartiallyTrustedCallersAttribute . Today, the SQL-CLR blog takes a look at how APTCA affects assemblies hosted in SQL Server 2005 databases -- recommended reading for those dealing with strong names and
Posted by shawnfa | 1 Comments
Filed under: ,
Friday, June 16, 2006 1:19 PM

CLR Inside Out: Using Strong Name Signatures

Mike Downen , our CLR security PM, wrote the CLR Inside Out column this month in MSDN Magazine on strong name signatures. He covers what strong name signatures are, what they're good for, what they're not good for, delay signing, and test signing. I just
Posted by shawnfa | 2 Comments
Filed under: ,
Wednesday, May 24, 2006 12:00 PM

Test Signing in Action: IronPython Beta 7

The IronPython team just announced their v1.0 beta 7 release , which is especially interesting to me because they’ve enabled IronPython to be signed with a test key signature. Beta 7 has four configurations, the standard Release and Debug along with Signed
Posted by shawnfa | 1 Comments
Filed under: , ,
Monday, April 03, 2006 2:44 PM

What Happens When You Fully Sign a Test Signed Assembly

When an assembly is test signed , the public key used to verify its signature is different from the public key that makes up part of the assembly identity. So what happens when you take an assembly which is registered as a test signed assembly on your
Posted by shawnfa | 3 Comments
Tuesday, February 14, 2006 9:52 AM

SN v2.0 Works With PFX Files

One enhancement to the v2.0 SN tool that may not get noticed right away is that it now has the ability to work with PKCS #12 PFX files in addition to SNK files. The logic here is that a self signed certificate stored in a PFX file is the moral equivalent
Posted by shawnfa | 7 Comments
Tuesday, December 13, 2005 7:00 AM

Authenticode and Assemblies

The general concepts of Authenticode signing an assembly are well understood -- they mostly correlate directly to the standard Win32 concept of a signed catalog. However, there are a few places where managed code plays differently, and sometimes these
Posted by shawnfa | 13 Comments
Filed under: ,
Monday, October 24, 2005 9:20 AM

Test Key Signing

One feature that will start to show up on the latest CTP of Whidbey is test key signing -- basically delay signing++. Lets do a quick review of what delay signing is , and then see where test key signing takes over. Recall a delay signed assembly is one
Posted by shawnfa | 9 Comments
Filed under: ,
Thursday, April 14, 2005 4:08 PM

Trusting Applications with their Strong Name

Last time I talked about reasons that you might want to strongly name your application's entry point . The most obvious reason is so that you can setup your security policy to increase the level of trust given to that assembly by the default policy. You
Posted by shawnfa | 1 Comments
Filed under: , ,
Monday, February 28, 2005 5:12 PM

The Difference Between the Strong Name Hash and Hash Evidence

The System.Security.Policy.Hash class allows you to make security decisions based upon the hash of an assembly using the HashMembershipCondition . That sounds awfully similar to how strong names are calculated ... According to ECMA partition II section
Posted by shawnfa | 5 Comments
Wednesday, February 23, 2005 1:55 PM

Public Key Tokens

Time for another visit to the managed strong name API; this time lets take a look at public key tokens. If we want to calculate a token, the strong name API provides two functions that we can use. We've already covered the first, StrongNameTokenFromAssemblyEx
Posted by shawnfa | 0 Comments
Friday, January 28, 2005 6:03 PM

A Few Observations about Raw Signatures

Finishing up this week's strong name theme, here's a few observations to make about the raw signatures that we figured out how to dump on Wednesday : You can figure out the size of the key used to sign an assembly based upon the size of the signature
Posted by shawnfa | 3 Comments
Wednesday, January 26, 2005 3:11 PM

Finding the Raw Strong Name Signature

Wow ... there's been lots of interest in signatures lately :-) In response to my last post about reserving a larger section of the PE file for the signature when you create a signature with a larger key, William wants to know if you can extract the actual
Posted by shawnfa | 5 Comments
More Posts Next page »
 
Page view tracker