当前位置：文江博客话题详情

PublicKeyToken 和公钥有什么区别？

发布于 2024-10-29 06:33:00 字数 67 浏览 1 评论 0原文

每个签名的 .NET 都有一个公钥令牌（8 字节）和一个公钥（128 字节）。两者有什么区别，为什么我们需要两个公钥？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

渔村楼浪 2024-11-05 06:33:00

公钥令牌只是公钥的散列。这里有信息。

更新

为什么我们需要公钥？

由于程序集可以被签名，并且签名的程序集将包含公钥。加载 DLL 时，.NET 将使用公钥根据签名验证程序集。签名只能使用私钥生成，而公钥本身可用于验证签名。

此过程可确保组装不被篡改。

从 CLR 通过 C#：

使用私钥对程序集进行签名
确保持有人
相应的公钥产生了
集会。当装配时
安装到GAC系统中
对文件内容进行哈希处理
包含清单和比较
RSA数字的哈希值
嵌入PE中的签名值
文件（使用取消签名后
公钥）。如果值为
相同，但文件内容不同
被篡改了，你知道
你有公钥
对应于发布者的私有
钥匙。此外，系统哈希
大会其他内容
文件并比较哈希值
哈希值存储在
清单文件的 FileDef 表。如果有的话
的哈希值不匹配，位于
至少有一个程序集文件具有
被篡改，并且装配
将无法安装到 GAC 中。

更新 2

为什么需要公钥令牌？由于公钥太大而无法使用（再次来自 CLR Visa C#）：

公钥的大小使得它们
很难合作。做东西
对于开发人员来说更容易（对于最终
用户也是如此），公钥令牌是
创建的。公钥令牌是
公钥的 64 位哈希值。
SN.exe 的 -tp 开关显示公共
对应的密钥令牌
完整的公钥位于其末尾
输出。
因为公钥太大了
数字，并且单个组件可能
参考许多程序集，一个大的
结果文件的百分比
总大小将被占用
公钥信息。为了节约
存储空间，微软散列
公钥并占用最后 8 个字节
的哈希值。这些减少了
公钥值——称为公钥
令牌——实际存储在
AssemblyRef 表。一般来说，
开发人员和最终用户将看到
公钥代币更有价值
比完整公钥更频繁
价值观。但请注意，CLR
当以下情况时从不使用公钥令牌
做出安全或信任决策
因为有可能有几个
公钥可以散列到单个
公钥令牌。

Public Key token is just the hash of the public key. Here for info.

UPDATE

Why we need public key?

Since assembly can be signed and signed assemblies will contain the public key. When loading DLL .NET will use the public key to validate the assembly against the signature. Signature can be only generated using the private key while public key itself can be used for validating the signature.

This process makes sure assembly is not tampered with.

From CLR via C#:

Signing an assembly with a private key
ensures that the holder of the
corresponding public key produced the
assembly. When the assembly is
installed into the GAC, the system
hashes the contents of the file
containing the manifest and compares
the hash value with the RSA digital
signature value embedded within the PE
file (after unsigning it with the
public key). If the values are
identical, the file's contents haven't
been tampered with, and you know that
you have the public key that
corresponds to the publisher's private
key. In addition, the system hashes
the contents of the assembly's other
files and compares the hash values
with the hash values stored in the
manifest file's FileDef table. If any
of the hash values don't match, at
least one of the assembly's files has
been tampered with, and the assembly
will fail to install into the GAC.

UPDATE 2

Why public key token needed? Since public key is too big to work with so (Again from CLR visa C#):

The size of public keys makes them
difficult to work with. To make things
easier for the developer (and for end
users too), public key tokens were
created. A public key token is a
64-bit hash of the public key.
SN.exe's -tp switch shows the public
key token that corresponds to the
complete public key at the end of its
output.
Because public keys are such large
numbers, and a single assembly might
reference many assemblies, a large
percentage of the resulting file's
total size would be occupied with
public key information. To conserve
storage space, Microsoft hashes the
public key and takes the last 8 bytes
of the hashed value. These reduced
public key values—known as public key
tokens—are what are actually stored in
an AssemblyRef table. In general,
developers and end users will see
public key token values much more
frequently than full public key
values. Note, however, that the CLR
never uses public key tokens when
making security or trust decisions
because it is possible that several
public keys could hash to a single
public key token.