使用强名称签名如何防止伪造一组程序集?

发布于 2024-10-14 23:57:45 字数 588 浏览 6 评论 0原文

使用强名称(存储在 .snk 文件中的密钥对)进行签名(以及其他用途)意味着 防止伪造程序集

例如:我发送使用强名称签名的程序集,然后其他一些开发人员使用我的程序集,因此他的程序集现在包含对我的程序集的引用,其中提到了我的密钥对的公钥。一些用户安装了该开发人员程序集和我的程序集,并愉快地使用该开发人员的代码。如果其他人尝试生成一个看起来像我的版本的程序集,并让用户相信这是一个“值得安装的更新”,则伪造的程序集将不会加载,因为我控制我的密钥对,并且伪造的程序集未使用相同的密钥对进行签名。好吧,酷。

但是,什么可以阻止恶意方伪造我的程序集和其他开发人员的依赖程序集并“运送”它们呢?他们获取我的程序集和该开发人员的程序集,篡改两者,使用任何密钥对我的程序集的伪造版本进行签名,然后将对其的引用添加到依赖程序集的伪造版本中,也对其进行签名,然后将两者都发送。我的意思是恶意“运送”两个程序集应该不会比“运送”一个程序集困难多少。

使用强名称签名如何防止伪造多个程序集?

Signing with a strong name (keypair stored in a .snk file) is (among other uses) meant to protect against forging assemblies.

For example: I ship my assembly signed with a strong name, then some other developer uses my assembly and so his assembly now contains a reference to mine, mentioning the public key of my keypair. Some user installs that developer assembly and my assembly and happily uses that developer's code. If anyone else tries to produce an assembly that looks like a version of mine and convince the user that it's an "update worth installing" that forged assembly won't load because I control my keypair and that forged assembly is not signed with the same keypair. Okay, cool.

But what prevents a malicious party from forging both my assembly and that dependent assembly of the other developer and "shipping" them both? They grab my assembly and that developer's assembly, tamper both, sign the forged version of my assembly with whatever key, then add a reference to it into the forged version of the dependent assembly, sign it too and then ship both. I mean maliciously "shipping" two assemblies should not be much harder than "shipping" one assembly.

How does signing with strong names protect against forging multiple assemblies?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

走过海棠暮 2024-10-21 23:57:45

强命名程序集实际上并不是为了保护已签名的程序集。它是为了保护正在加载签名程序集的其他程序集。

例如,如果一个 EXE 是受信任的,并且想要从已知位置(例如 GAC、网络共享、互联网等)加载已知的 DLL,那么它可以使用强名称来执行此操作,并具有一定程度的可信度:装配未被篡改。

但是,如果整个程序集被反汇编,然后重新组装并重新签名,那么是的,你是对的,他们可以重写加载其余程序集的代码行,以便用新(假)钥匙。

但这种篡改行为是显而易见的。换句话说,强名称签名提供了明显的篡改证据,但并不能在所有情况下防止篡改。除此之外,本地管理员可以完全禁用强名称验证(出于“开发”目的),并且显然强名称签名并不是万无一失的安全机制。

Authenticode 和驱动程序签名也是如此。我们都见过一种指示用户“忽略安全警告”的产品。这基本上就是如果强名称验证被禁用或整组程序集的签名被删除时 EXE 将会执行的操作 - 它将忽略警告。

Strong naming an assembly is really not meant to protect the signed assembly. It is to protect the other assembly that is loading the signed assembly.

For example, if an EXE is trusted and wants to load a known DLL from a known location (such as the GAC, a network share, the internet, etc.) it can do so using a strong name with some level of confidence that the assembly has not been tampered with.

But, if the whole set of assemblies is disassembled then re-assembled and re-signed, then yes, you're right they could just re-write the lines of code that load the rest of the assemblies such that it loads them with the new (fake) key.

But this kind of tampering would be evident. In other words, the strong name signing provides clear evidence of tampering, but doesn't prevent it in all cases. Add to that the fact that a local admin can disable strong name verification altogether (for "development" purposes) and it's obvious that strong name signing is not a bulletproof security mechanism.

Same goes for Authenticode and driver signing though. We've all seen a product out there that instructs users to "ignore the security warning". That's basically what the EXE would be doing if strong name verification were disabled or the entire set of assemblies had their signatures stripped - it would be ignoring the warning.

醉态萌生 2024-10-21 23:57:45

强命名就是……“命名”。我引用这里:使用强名称签名

“强名称提供了强大的为 .NET Framework 程序集提供唯一标识的机制。”

这就是您将从该机制中获得的全部内容。这意味着我可以伪造您的程序集及其引用的所有程序集,但我无法假装“您做到了”。我无法假装是这些程序集的发布者。

Strong Naming is all about, well ... "naming". I quote from here: Using Strong Name Signatures

"Strong names offer a powerful mechanism for giving .NET Framework assemblies unique identities."

That's all what you'll ever get from this mechanism. It means I can forge your assembly and all assemblies it references, but I will not be able to pretend "you did it". I will not be able to pretend you are the publisher of these assemblies.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文