As far as I understand, you are supposed to keep the signing file secret. So how do the Mono versions of the .net framework assemblies also have the same public key token of b77a5c561934e089
.
The public key token is a unique 16-character key that is given to the assembly when it is built and signed in Microsoft Visual Studio. To determine the public token key, you can run the Strong Name tool (sn.exe) on the assembly. The sn.exe is available with the Microsoft . NET Framework SDK.
To add a Get Assembly Public Key item to the Tools menuIn the External Tools dialog box, click Add and enter Get Assembly Public Key in the Title box. Fill the Command box by browsing to sn.exe. It is typically installed at the following location: C:\Program Files (x86)\Microsoft SDKs\Windows\v7. 0a\Bin\x64\sn.exe.
The public key will decrypt the signed hash. When the CLR loads a strongly named assembly it will generate a hash from the assembly and then compare this with the decrypted hash.
Mono has a public-key remapping mechanism; see http://www.mono-project.com/Assemblies_and_the_GAC#Public_Key_Token_Remapping
So when a public key is seen that is recognised in the special list, it is silently remapped to a different key for the actual validation. This allows mono to sign with their own key, but use some smoke and mirrors to claim the came public key as regular .NET uses (including assemblies "signed" with the special ECMA header), so that assemblies can be interchangeable into mono without needing to be rebuilt.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With