在C#中验证DLL
[英]Authenticating DLLs in C#
问题描述
I have an exe which uses Castle Windsor to implement a plugin mechanism. 
我有一个使用Castle Windsor来实现插件机制的exe。 I need to verify that the plugins I load came from me (and are not some malicious code). 我需要验证我加载的插件是否来自我(不是某些恶意代码)。
I believe I need to sign both the exe and the dll with an asymmetric key (possibly a SNK?). 我相信我需要使用非对称密钥(可能是SNK?)对exe和dll进行签名。 Firstly is this correct and how can I do this? 首先,这是正确的,我该怎么做? Secondly how can I verify programmatically in the exe that the the dll came from a trusted source? 其次,如何在exe中以编程方式验证dll是否来自受信任的来源?
1 个解决方案
解决方案1
5 已采纳 2013-06-18 08:47:10
If you sign your DLL then at runtime you can check the StrongName of the DLL before you load it. 如果您对DLL进行签名,则在运行时可以在加载DLL之前检查其StrongName 。
You could also check that the public key used to sign it is the one that you expect. 您还可以检查用于签名的公钥是否符合您的期望。
To get the public key of an assembly you can do this: 要获取程序集的公钥,可以执行以下操作:
Assembly assembly = ...
AssemblyName assemblyName = assembly.GetName();
byte[] publicKey = assemblyName.GetPublicKey();
I just checked and there's already a good answer about this on StackOverflow here: 我刚刚检查了一下,这里的StackOverflow已经有一个很好的答案:
https://stackoverflow.com/a/1350012/106159 https://stackoverflow.com/a/1350012/106159
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.