Menu
I have an exe which uses Castle Windsor to implement a plugin mechanism. I need to verify that the plugins I load came from me (and are not some malicious code).
I believe I need to sign both the exe and the dll with an asymmetric key (possibly a SNK?). Firstly is this correct and how can I do this? Secondly how can I verify programmatically in the exe that the the dll came from a trusted source?
824
If you sign your DLL then at runtime you can check the StrongName of the DLL before you load it.
You could also check that the public key used to sign it is the one that you expect.
To get the public key of an assembly you can do this:
Assembly assembly = ...
AssemblyName assemblyName = assembly.GetName();
byte[] publicKey = assemblyName.GetPublicKey();
I just checked and there's already a good answer about this on StackOverflow here:
https://stackoverflow.com/a/1350012/106159
191
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
