Comments on: Three ways to tell if a .NET Assembly (DLL) has Strong Name

By: ELMAH in the GAC | Pros Global TV

ELMAH in the GAC | Pros Global TV — Wed, 03 Aug 2011 00:07:04 +0000

[...] use the Strong Name Tool (sn.exe) or the Microsoft Intermediate Language Disassembler (ILDASM.EXE). Here’s a blog that shows how to do either one. Or you can simply trust that it is strong named. If it isn’t, the next step won’t [...]

By: Bill Wilder

Bill Wilder — Wed, 18 May 2011 03:03:49 +0000

@renniepet – you are indeed correct – that is what I meant. Unfortunately, WordPress does not appear to allow me to edit that comment (http://blog.codingoutloud.com/2010/03/13/three-ways-to-tell-whether-an-assembly-dl-is-strong-named/#comment-981) to correct it. Thank you for the clarification.

By: renniepet

renniepet — Wed, 18 May 2011 00:53:48 +0000

In the last sentence of the second-last paragraph I think you mean “you can trust that these bits have not changed since the the digital signature was applied.”

By: Bill Wilder

Bill Wilder — Tue, 15 Mar 2011 18:58:00 +0000

@Ioana it appears you are aware that strong naming can only be applied to assemblies that rely only on other assemblies which are strong named. So I see you problem. I suppose you could use the “sn” tool (see http://msdn.microsoft.com/en-us/library/k5b5tt23.aspx) to strong name the AutoCAD file and “see what happens” and whether it meets your needs. Make backups first.. Of course, you may not yet know the state of the OTHER assemblies the AutoCAD dll relies on, so you may need to recursively apply strong names.

By: Ioana

Ioana — Tue, 15 Mar 2011 09:23:53 +0000

Hi,
This article is very useful! Thanks a lot!
I also have a question : I am trying to make my assembly strong named but I am having an error because another dll than I am using in the project is not strong named. How can I make it strong named? (the dll is from AutoCAD C:\Program Files\Autodesk\AutoCAD Architecture 2011\ acdbmgd.dll). Hope you can help me. Thanks in advance.

By: Bill Wilder

Bill Wilder — Wed, 05 Jan 2011 01:54:44 +0000

@sveerap – thanks for the feedback. My point “Strong Names and Digital Signatures are Orthogonal Concerns” can be restated as they have nothing to do with each other. For example, you can have one with out the other, or you can use them both, but they don’t overlap.

It is unfortunate that applying a strong name and applying a digital signature both involve similar crypto concepts and both update the binary, but that happens to be the case. Also, I think it would have been possible for Microsoft to design an approach that only required one step, but this would have been at the expense of complexity for those who only wanted to strong name – this is because the digital certificates used for strong naming can be generated by you, on your personal dev machine, whereas the digital certificates used for digitally signing will typically be purchased from a PKI authority like Verisign (or perhaps provided from an internal PKI within your company for internal-use-only assemblies).

When you apply a strong name, sn.exe updates the assembly (e.g., Foo.dll) with an unambiguous entry claiming something like “this binary is named Foo.dll, is of version 1.2.3.4, is culture ‘en-us’ (or neutral, etc.), is for processor architecture MSIL (or x86, etc), and Public Key ‘abcde…’ was used to create the strong name.” This is to avoid the “DLL Hell” mentioned above within the post.

DLL Hell can happen any time you need to concurrently support more than one version of an Assembly (or DLL as we used to call them). With strong names, you can now have two Assemblies, both named Foo.dll, used concurrently on your system – they can even both be in the “same” place, side-by-side in the Global Assembly Cache (“GAC” – “the gack”). Further, your application can choose to only work with Foo.dll version 1.2.3.4 (because it was tested with that), and can fail fast (if you want it to) when Foo.dll 2.0.0.0 is installed and 1.2.3.4 is no longer available. Now further imagine you want a version of Foo.dll for French and another for Russian; no problem. Now you migrate Foo.dll from raw x86 over to MSIL architecture; no problem. DLL Hell is avoided and more fine-grained control is available.

Now so far this only addresses being clear about which version of the assembly ought to be loaded. And it is most of the way there. But is not entirely SECURE. It would be possible for a hacker to create a tampered assembly that appeared to be Foo.dll version 1.2.3.4 – but wasn’t. To ensure that the binary was not (maliciously or otherwise) edited after creation, we apply a digital signature to the whole file.

The only interdependency caveat is that you’ll need to apply the strong name before applying the digital signature. Both the strong name and the digital signature will change the binary, but due to the purpose of the digital signature, it comes afterwards since it is used to tell you that the assembly has not been tampered with since the strong name was applied.

In summary, the strong name and the digital signature address different architectural concerns. The strong name says says “this binary is named Foo.dll, has version 1.2.3.4, is culture ‘en-us’, and is for processor architecture MSIL” while the digital signature says “you can trust that these bits have not changed since the the strong name was applied.”

In particular, if you are developing assemblies exclusively for internal use within a company, and don’t need to worry about hackers or conflicts, you are probably fine with skipping the digital signing. But you definitely will want the strong name.

Hope that helps.
-Bill

By: sveerap

sveerap — Sun, 02 Jan 2011 00:57:01 +0000

Hi Bill Wilder,
Thanks for the nice article. I too have been googling for something like this . Though I have still some queries around the difference between strong name and digital signing (i.e. diff between signtool and sn). When you say , orthogonal , can you explain with an example.

When we strong name an assembly, we use a key to give it a strong name. Is it not enough for protecting the integrity and verification. Doesn’t strong name produce a digital signature in an assembly manifest?. Why do we need additional digital signing?. Is it like , first we give strong name using our key and then digital sign it with the certificate using signtool?. I think I am missing something in my analysis. Please help.

By: Lyman Groombridge

Lyman Groombridge — Sun, 14 Mar 2010 11:09:07 +0000

You cannot believe how long ive been googling for something like this. Through 10 pages of Yahoo results and couldnt find anything. Quick search on bing. There was this…. Really have to start using it more often!