[Mono-list] The current state of assembly signing

Sebastien Pouliot sebastien.pouliot at gmail.com
Wed Jul 23 09:53:02 EDT 2008


On Wed, 2008-07-23 at 10:05 +0900, Ryan McDougall wrote:
> I would like to have my assembly be checked for basic tampering, and it
> would appear that .NET's standard signing would automatically solve my
> problem, and indeed it does detect trivial changes made with a hex
> editor on Windows. However, when I do the same thing with mono, it runs
> without throwing an exception.
> 
> What is the current state of this feature?

Mono allows you to 

(a) sign (fully or delay signed) assemblies at compile time
(compilers);
(b) sign a delay signed assembly (sn)
(c) re-sign an assembly (sn), e.g. after modifying it
(d) validate signatures (sn)

Recent versions of Mono enforce the signature

(1) when using gacutil, i.e. assemblies must be fully signed (no delay
signed) and have a valid signature to be installed into the GAC

What Mono does NOT do is:

(i) validate signatures when an assembly is loaded by the runtime

This feature will likely be implemented for the version of Mono that
will be embedded into the Moonlight 2.0 plugin.

> If mono doesn't currently support this feature, is there a way to mimic
> it in my own code?

Yes, look at the sn tool source code. The tool is able to sign and
verify strongname signatures using Mono.Security.dll assembly.

Sebastien
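
The check suggested in the reply above, as an added example (not part of the original message and not taken from the sn sources). It verifies the strong-name signature with Mono.Security.dll and also pins the public key token, because anyone can re-sign a modified assembly with their own key. `StrongNameCheck`, `IsUntampered` and the `ExpectedToken` value are hypothetical names and a placeholder.

```csharp
// Added example. Compile with a reference to Mono.Security.dll.
using System;
using System.Reflection;
using System.Security.Cryptography;
using Mono.Security;               // StrongName
using Mono.Security.Cryptography;  // CryptoConvert

static class StrongNameCheck
{
    // Placeholder: the 8-byte public key token of your own signing key
    // (as printed by "sn -T YourAssembly.dll").
    static readonly byte[] ExpectedToken =
        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

    public static bool IsUntampered (string path)
    {
        AssemblyName an = AssemblyName.GetAssemblyName (path);
        byte[] publicKey = an.GetPublicKey ();
        // A strong-name public key blob starts with a 12-byte header;
        // anything shorter means the assembly is not strong named.
        if (publicKey == null || publicKey.Length < 12)
            return false;

        // Pin the signer: a valid signature made with some other key
        // (for example after a re-sign) must not be accepted.
        byte[] token = an.GetPublicKeyToken ();
        if (token == null || token.Length != ExpectedToken.Length)
            return false;
        for (int i = 0; i < token.Length; i++)
            if (token [i] != ExpectedToken [i])
                return false;

        try {
            // Skip the header, load the RSA public key, then let
            // StrongName re-hash the file and check the signature.
            RSA rsa = CryptoConvert.FromCapiPublicKeyBlob (publicKey, 12);
            return new StrongName (rsa).Verify (path);
        } catch (CryptographicException) {
            return false; // malformed key blob
        }
    }

    static int Main (string[] args)
    {
        bool ok = args.Length == 1 && IsUntampered (args [0]);
        Console.WriteLine (ok ? "signature valid" : "signature NOT valid");
        return ok ? 0 : 1;
    }
}
```

A delay-signed assembly fails this check as well, since its signature area is empty. Run the check from a separate launcher rather than from inside the assembly being checked, because code in a modified assembly can simply skip its own verification.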


