[Mono-list] Checking for valid assembly signature
paszczi at go2.pl
Mon Aug 25 04:17:56 EDT 2008
I have just faced a problem for which I cannot find the solution. My app has a plugin architecture, during app startup all plugins all loaded. However, I want to be able to somehow verify whether plugin comes from trusted source. So I thought of assembly signing, however I couldn't find any managed API (on http://blogs.msdn.com/shawnfa/archive/2004/06/07/150378.aspx they suggest using P/Invokes :/) to verify whether the signature is valid. Is there any way to do it? Or should I take different approach? Second question is somehow related to the first one. Can I sign assembly with key that came from the certificate (in pkcs#12 format for what it's worth).
More information about the Mono-list