Cook Computing

Tomas Restrepo discusses Strong Names

May 19, 2002 Written by Charles Cook

Tomas Restrepo discusses Strong Names and Open Source. As I mentioned in an earlier posting here, the key file I use to build XML-RPC.NET is not included with the distribution. To be consistent with this I suppose I should make the public key available here, so that people could verify, if they were bothered, that an XML-RPC.NET assembly has been signed with this key. Even then there is still the problem of someone hacking into or spoofing this website, so the better solution would be to use a certificate. If I were selling .NET software then I would definitely pay the several hundred dollars a year for a certificate, but until then strong naming will have to suffice.

Sam Gentile asks a question:

A good explanation. We are using strong names, signing and the GAC. I think I lost you on the part about to "identify" the originator. It was my impression that with marking the assemblies or Interops "primary", including a strong name, and fully signing it, we could guarantee that one would know it came from our corporation. If I understand what you're saying it only ensures the signature in the assembly manifest when loaded is the same as the originator it was built with. Right?

My understanding of this is: given an assembly and the public key of a strong name, you can prove the assembly was signed with the corresponding private key. Therefore if you know for sure that the public key comes from a certain person or corporation, you know they signed the assembly. As I suggested above, the problem is trusting the source of the public key, which is where a certificate comes in. This essentially shifts the burden of trust from the Cook Computing web site, which may be completely under the control of hackers for all we know, to the Certificate Authority who issued the certificate, for example Verisign or Thawte. The code is now signed in such a way that if we have the public key of the Certificate Authority then we can determine for sure that the code was signed by Cook Computing (because Verisign or Thawte trusted Cook Computing enough to issue me a certificate, i.e. I paid them some money, along with some sort of proof of identity). The problem of obtaining the public key or certificate of the Certificate Authority is solved by having it installed with the browser or operating system.
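The two-step check this paragraph describes, as an added example that is not code from the original post or from XML-RPC.NET: first prove the strong-name signature is intact against the key embedded in the manifest, then prove that embedded key is the one the consumer already trusts (the pinned token below is a constructed placeholder, not Cook Computing's real key). It assumes the .NET Framework, whose runtime exports StrongNameSignatureVerificationEx from mscoree.dll.

```csharp
using System;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

static class StrongNameCheck
{
    // Public key token the consumer obtained out of band (e.g. from the author)
    // and chose to trust. PLACEHOLDER value: not a real key token.
    const string TrustedPublicKeyToken = "0123456789abcdef";

    // Strong-name signature verification API of the .NET Framework runtime.
    [DllImport("mscoree.dll", CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.U1)]
    static extern bool StrongNameSignatureVerificationEx(
        string wszFilePath,
        [MarshalAs(UnmanagedType.U1)] bool fForceVerification,
        [MarshalAs(UnmanagedType.U1)] ref bool pfWasVerified);

    // A public key token is the last 8 bytes of SHA-1(public key blob), reversed.
    // Computing it here shows it is derived from the key, not chosen by the signer.
    static string TokenFromPublicKey(byte[] publicKey)
    {
        byte[] hash;
        using (var sha1 = SHA1.Create()) hash = sha1.ComputeHash(publicKey);
        var token = new byte[8];
        for (int i = 0; i < 8; i++) token[i] = hash[hash.Length - 1 - i];
        return BitConverter.ToString(token).Replace("-", "").ToLowerInvariant();
    }

    static bool IsTrusted(string assemblyPath)
    {
        // Step 1: signature must verify against the key in the manifest.
        // fForceVerification = true ignores skip-verification entries (sn -Vr).
        bool wasVerified = false;
        if (!StrongNameSignatureVerificationEx(assemblyPath, true, ref wasVerified)
            || !wasVerified)
            return false;

        // Step 2: the manifest key must be the one we trust. Without this, step 1
        // only proves "signed by whoever holds the private key for *some* key".
        byte[] key = AssemblyName.GetAssemblyName(assemblyPath).GetPublicKey();
        if (key == null || key.Length == 0) return false; // not strong-named
        return TokenFromPublicKey(key) == TrustedPublicKeyToken;
    }

    static void Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : "PATH-TO-ASSEMBLY.dll"; // placeholder
        Console.WriteLine(IsTrusted(path) ? "trusted" : "NOT trusted");
    }
}
```

Step 2 is where the problem described above lives: the check is only as good as the channel through which the consumer obtained the trusted token.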

Going back to the original problem reported by Simon Fell, hacking the GAC can only be done if you have sufficient permissions (membership of the Power Users or Administrators groups, as described by Peter Drayton). If you can do this you can also hack the certificates stored on the machine, and plenty else, so the problem is really a non-problem: security would become impossible in this situation, no matter which method was used.