[Mono-list] Checking for valid assembly signature
Robert Jordan
robertj at gmx.net
Mon Aug 25 08:07:38 EDT 2008
paszczi wrote:
> Hello,
>
> I have just faced a problem for which I cannot find the solution. My
> app has a plugin architecture, during app startup all plugins all
> loaded. However, I want to be able to somehow verify whether plugin
> comes from trusted source. So I thought of assembly signing, however
> I couldn't find any managed API (on
> http://blogs.msdn.com/shawnfa/archive/2004/06/07/150378.aspx they
> suggest using P/Invokes :/) to verify whether the signature is valid.
> Is there any way to do it? Or should I take different approach?
On MS.NET, you can load the assembly for reflection only and
check either its the public key token or the whole public key.
If the keys matches your expectations, then you can safely
load the assembly, because the runtime would detect tampered
assemblies.
The blog is suggesting this was not enough, but, to be honest,
if the GAC is already compromised, you can't trust the machine
anymore.
On Mono, things are different, because the runtime doesn't check
the signature of the assembly. But you still have 2 options:
- run "sn -vf assembly.dll" and check the result code.
It's != 0 if the assembly isn't strongnamed or if it's tainted.
- extract the relevant signature checking code from sn.exe's
sources.
Robert
More information about the Mono-list
mailing list