Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Pros/Cons of strong-named/signed assemblies

Tags:

.net

assembly-signing

We have a solution with many projects in it (probably 20 or more). Recently we've made some changes that require a couple of those assemblies to be callable from COM, which means we need to strong-name them. Those assemblies reference others in our project, which means they need to be strong-named as well. They also have InternalsVisibleTo attributes, so the assemblies that are granted that must also be strong-named.

Rather than hunt-and-peck trying to find just which assemblies need signing/strong-naming, I recommended we simply strong-name them all. This has put a couple of people in a tizzy about risk. I'm arguing that there is no risk, but they want pros and cons of signing assemblies. The only things I've been able to come up with are:

Pros

  • It's a requirement to call the assembly from COM
  • It would allow us to put the assemblies in the GAC (we don't do that now)
  • It prevents tampering (we host the application, it's not installed on client sites, so not that big an issue)

Cons

  • It requires that every assembly we use in the future be signed

I have two specific questions:

  1. Would you say, in general, it's a good idea to sign/strong-name assemblies?
  2. Can you think of any other pros or cons?
like image 213
Craig W. Avatar asked Apr 07 '11 15:04

Craig W.

People also ask

Should I strong name my assemblies?

You should strong name your open-source . NET libraries. Strong naming an assembly ensures the most people can use it, and strict assembly loading only affects . NET Framework.

What makes a strong named assembly?

What makes a strong-named assembly? A strong named assembly is generated by using the private key that corresponds to the public key distributed with the assembly, and the assembly itself. The assembly includes the assembly manifest, which contains the names and hashes of all the files that make up the assembly.

What Are Strong named assemblies?

A strong name consists of the assembly's identity—its simple text name, version number, and culture information (if provided)—plus a public key and a digital signature. It is generated from an assembly file using the corresponding private key.

What is strong name signature?

A strong name signature is an identity mechanism in the . NET Framework for identifying assemblies. It is a public-key digital signature that is typically used to verify the integrity of data being passed from an originator (signer) to a recipient (verifier).

2 Answers

Your single con is bogus. It's actually a pro.

Unsigned assemblies can be used exclusively by unsigned assemblies. Signed assemblies can be used by both signed assemblies and unsigned assemblies.

like image 116
R. Martinho Fernandes Avatar answered Oct 05 '22 02:10

R. Martinho Fernandes

"It's a requirement to call the assembly from COM"

You dont need to sign an assembly to make it a COM Component. I implemented a lot of COM-server without signing the assembly.

some more Cons:

  • you cant update an assembly with a new version without replacing all other assemblies requiring it => no shared components easily
  • can't use non signed third party components (many Free/OpenSource)
  • signed assemblies in the GAC are not validated, someone evil can alter/replace your signed assembly with anything and your programs happily accept this anything link
like image 31
Firo Avatar answered Oct 05 '22 03:10

Firo
Sign in to Comment

Related questions

System.Comparison<T> understanding
What benefit does your code receive if you decorate it with attributes demanding specific Security permissions?
What would be a sensible way to implement a Trie in .NET?
Add Stylesheet reference to XML Document in Linq?
.net scrollbar autoscroll problem
What's the costs of unused assembly references?
What does "exporting private keys" mean ( Makecert -pe )?
Problem with different "execution context" of an anonymous method within a loop
.net application crashes unexpected without exception
Loading assembly at runtime fails when I copy the DLL after program startup
Does c# string have a length limit [duplicate]
How can I print data from a DataGridView in C#?
How can I display a tooltip constantly while a control is focused?
Fluent Cassandra vs Aquiles?
Match regex at exact offset
Declarative Helper Methods in Razor RTM
How can I remove the white line drawn under a MenuStrip control?
Why don't I get InvalidCastException when casting enum to integer fails?
Why does ReSharper need to scan all files when converting a property to an auto property?
.NET behind the scenes: What does 'object' store?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!