使用数字签名签署强名称程序集是不好的做法吗?
[英]Is it a bad practice to use a digital signature to sign a strongly named assembly?
问题描述
I am curious, through Google research I have been learning about digital signatures and strongly named assemblies. 
我很好奇,通过谷歌研究,我一直在学习数字签名和强烈命名的程序集。 It appears possible to use a digital signature to sign a strongly named assembly if you really try hard. 如果您真的努力,似乎可以使用数字签名来签署强名称的程序集。
I speculate that with this practice it is possible to circumvent the purpose of a digital signature by using it this way. 我推测,通过这种做法,可以通过这种方式使用它来规避数字签名的目的。
Microsoft says: 微软说:
"strong names in and of themselves do not imply a level of trust like that provided, for example, by a digital signature and supporting certificate."
-- http://msdn.microsoft.com/en-us/library/wd40t7ad%28v=vs.110%29.aspx
Am I correct in guessing that using a digital signature in this way is actually a bad practice, that may create a security hole and definitely serves no purpose? 我是否正确地猜测以这种方式使用数字签名实际上是一种不好的做法,这可能会造成安全漏洞并且绝对没有用处? Or is it even possible? 或者甚至可能吗? Is using a digital signature as the strong name possible or better then then doing nothing? 使用数字签名作为强名称可能或更好然后什么都不做? Does it provide some extra security beyond using a digital signature properly. 除了正确使用数字签名之外,它是否提供了额外的安全性。
3 个解决方案
解决方案1
10 2014-03-06 22:32:49
Is it a bad practice to use a digital signature to sign a strongly named assembly?
No. That's a perfectly good practice. 不,这是一个非常好的做法。
It appears possible to use a digital signature to sign a strongly named assembly if you really try hard.
It's a bit tricky, because both strong naming and digital signing modify the assembly. 这有点棘手,因为强大的命名和数字签名都会修改程序集。 The assembly must be first strong named and then signed. 程序集必须首先强名,然后签名。
I speculate that with this practice it is possible to circumvent the purpose of a digital signature by using it this way, as the strongly named assembly can be hacked
OK, so you're speculating that there's an attack. 好的,所以你猜测有攻击。 I'm speculating that there isn't. 我猜测没有。 State the vulnerability and the proposed attack. 说明漏洞和建议的攻击。
(at least some post said so).
Are you going to make us guess which post said so? 你打算让我们猜猜哪个帖子这么说了吗?
"strong names in and of themselves do not imply a level of trust like that provided, for example, by a digital signature and supporting certificate."
That's correct. 那是对的。 Strong names and digital certificates are similar but they solve different problems. 强名称和数字证书类似,但它们解决了不同的问题。 Strong names solve the identification of assemblies problem. 强名称解决了装配问题的识别问题。 Signatures solve the chain of trust problem. 签名解决了信任链问题。
I have seen examples of Internet posters trying to do exactly that thinking that they are protecting their software.
Neither strong naming nor certificate signing protects software at all! 无论是强命名还是证书签名都不能保护软件 ! The purpose of a security system isn't to protect the software , it's to protect the users . 安全系统的目的不是保护软件 ,而是保护用户 。 We don't have driver's licences to keep the Department of Motor Vehicles safe from attack by ninjas. 我们没有驾驶执照来保证机动车辆部门免受忍者袭击。 We have drivers licenses to establish that the bearer of the license really is who they say they are and is permitted to drive. 我们有驾驶执照,证明驾照的持有人确实是他们所说的并且被允许驾驶的人。 Anyone who thinks that strong naming is there to protect the software is very, very confused. 任何认为强有力的命名保护软件的人都非常非常困惑。
Am I correct in guessing that using a digital signature in this way is actually a bad practice, that may create a security hole and definitely serves no purpose?
No, you are wrong on every count. 不,你错了。
it a good or bad thing to cross the streams (please excuse the humor.)?
Why would it be a bad thing? 为什么这会是一件坏事? All we have is your claim that there is an attack, and no evidence whatsoever that there actually is one. 我们所拥有的只是你声称存在攻击,并且没有任何证据确实存在攻击。
Or is it even possible?
Sure it's possible. 当然有可能。
are the posts I have seen with references to using the two in concert (using a digital signature to sign an assembly specifically as strongly named (not digitally signed)) possible or better then then doing nothing?
You're asking us to comment on the accuracy of posts that we haven't read and you haven't provided links to. 您要求我们评论我们尚未阅读的帖子的准确性,而您尚未提供链接。 How should we know whether they're accurate or not? 我们应该怎么知道它们是否准确?
解决方案2
4 2014-03-06 20:45:18
There is no trust chain exists for keys used to strongly sign assemblies. 用于强烈签署程序集的密钥不存在信任链。 You can't use the same type of keys for strong name signing and "code signing": so there is no problem "mixing and matching". 您不能使用相同类型的密钥进行强名称签名和“代码签名”:因此“混合和匹配”没有问题。 These two types of signing server two different purposes and you need to pick ones that you need in your particular case (most likely just strong name signing and .Net does not have built in verification for the other one). 这两种类型的签名服务器有两种不同的用途,您需要在特定情况下选择您需要的那些(很可能只是强名称签名而.Net没有内置验证的另一个)。
With signing for strong name you can't say if particular key belongs to particular entity, unlike other types of signing where you know source of the signing certificate (ie authenticode signing or SSL certificates for HTTPS) and can be reasonably sure about origin. 通过签名强名称,您不能说特定密钥是否属于特定实体,不像其他类型的签名,您知道签名证书的来源(即,身份验证签名或HTTPS的SSL证书),并且可以合理地确定原点。
Strongly signing tells you that assemblies signed by the same key created by the same "entity", but there is no indication of what/who this "entity" is. 强烈签名告诉您由相同“实体”创建的相同密钥签署的程序集,但没有指示此“实体”是什么/谁。 You can't really say "this new version of assembly is built by FooBar company", you can only say "it build by the same company/group as previous one". 你不能说“这个新版本的装配是由FooBar公司制造的”,你只能说“它与前一个公司/集团共同构建”。
Note: Indeed there are some "well known" public keys (ie Framework assemblies signed by Microsoft), but you can't get any assembly and say "signed by X" just by looking at the public key. 注意:确实有一些“众所周知的”公钥(即由Microsoft签名的框架程序集),但是你不能通过查看公钥来获得任何程序集并说“由X签名”。
Note that this covered in details in Eric Lippert answer - Signing of .NET Assemblies . 请注意,Eric Lippert在回答 - .NET程序集的签名中详细介绍了这一点。
解决方案3
3 已采纳 2014-03-06 21:41:33
Just splitting this up into clear bits, because I'm not quite sure what you're asking. 把它分成清楚的部分,因为我不太清楚你在问什么。
Is it possible to use the private key of a digital signature (eg Authenticode) to strongly name an assembly? 是否可以使用数字签名的私钥(例如Authenticode)来强烈命名程序集?
Yes, at least in theory - since all a key is is a sequence of bytes. 是的,至少在理论上 - 因为所有的密钥都是一个字节序列。
Would there be any point in doing so? 这样做有什么意义吗?
Since you don't need to pay for a private key for strong naming, using a paid-for digital signature to do it wouldn't make much sense, no. 由于您不需要为强名称支付私钥,因此使用付费数字签名来做这件事就没有多大意义了。 What you pay for is the trust associated with the digital signature. 您支付的是与数字签名相关的信任。 Strong naming, as Eric Lippert, Alexei, and others explained, doesn't assert trust. 正如Eric Lippert,Alexei和其他人所解释的那样,强有力的命名并没有得到信任。
Would it be a security hole if you did so anyway? 如果你这样做,那会是一个安全漏洞吗?
No. Whether you're digitally signing or strong naming, and no matter what private key you may use for it, all you're giving out with the assembly is the public key. 不管你是数字签名还是强命名,无论你使用什么私钥,你所提供的所有组件都是公钥。 A public key is meant to be public knowledge - that's the whole point of asymmetric cryptography. 公钥意在为公众所知-这就是非对称加密的整点。 As long as your private key remains private, there's no hole. 只要您的私钥保持私密,就没有漏洞。
ETA: I would like to see the post(s) mentioned in the question, about strong naming using an Authenticode signature (as opposed to combining the two), though. ETA:我希望看到问题中提到的帖子,关于使用Authenticode签名进行强命名(而不是将两者结合使用)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.