Andre Broers’ personal blog

April 18, 2008

Delay Signing an Assembly

Filed under: .net, windows — broersa @ 1:45 pm

In this sample I will demonstrate the use of a delay signed assembly.

When an assembly is delay signed, the public key is added to the assembly. Delay-signed assemblies can be referenced even though they are not signed with the private key. This is especially handy while developing, because in most circumstances not everyone has access to the final private key. In this blog I will show how this process works.

First the code

helloassembly.cs:


using System;

namespace helloassembly {
  public class Hello
  {
        public string SayHello(string name)
        {
            return "Hello " + name;
        }
  }
}

hello.cs:


using System;
using helloassembly;

public class HelloExe
{
        [STAThread]
        static void Main(string[] args)
        {
            Hello x = new Hello();
            Console.WriteLine(x.SayHello("Andre"));
        }
}

create the keypair:
sn -k my.sln

create the public key:
sn -p my.sln mypublic.sln

compile the assembly without signing:
csc /target:library helloassembly.cs

compile the exe:
csc /target:exe /r:helloassembly.dll Hello.cs

run the exe – Works..

sign the helloassembly with the key (won’t work because it’s not strongly named)
sn -R helloassembly.dll my(public).sln

recompile the helloassembly signed:
csc /target:library /keyfile:my.sln helloassembly.cs

run the hello.exe – Won’t work because hello is compiled against a nonsigned assembly

recompile the hello.cs:
csc /target:exe /r:helloassembly.dll Hello.cs

run the hello.exe – Works

resign helloassembly:
sn -R helloassembly.dll my.sln

run the hello.exe – Works

recompile the helloassembly with delay signing:

csc /target:library /keyfile:mypublic.sln /delaysign+ helloassembly.cs

run hello.exe – Fails because the helloassembly is not strong signed.

recompile hello.exe:
csc /target:exe /r:helloassembly.dll Hello.cs
this works because the assembly is delay signed.

run hello.exe – Fails because the helloassembly is not strong signed.

register the helloassembly for verification skipping on the local machine and list the entries:
sn -Vr helloassembly.dll
sn -Vl

run hello.exe – Works because hello.exe is allowed to reference helloassembly

unregister the helloassembly again:
sn -Vu helloassembly.dll
sn -Vl

run hello.exe – Fails as expected

sign the delay signed helloassembly:
sn -R helloassembly.dll my.sln

run hello.exe – Works without recompiling.

I have covered most of the possibilities.

Have fun..
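A check for the three states the steps above move helloassembly.dll through (unsigned, delay-signed, fully signed), written for this page as an added example and not taken from the original post. It assumes a runtime where System.Reflection.PortableExecutable is available (built into .NET Core and later, the System.Reflection.Metadata package on .NET Framework), and it treats "public key present, StrongNameSigned header flag clear" as delay-signed; it reads the header only and does not verify the signature.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Reflection.PortableExecutable;
using System.Security.Cryptography;

static class StrongNameState
{
    // The token is the last 8 bytes of SHA-1(public key blob), reversed.
    // It depends only on the public key, so it is identical for the
    // delay-signed and the fully signed build of the same assembly.
    static string Token(byte[] publicKey)
    {
        using (var sha1 = SHA1.Create())
        {
            byte[] hash = sha1.ComputeHash(publicKey);
            byte[] token = new byte[8];
            Array.Copy(hash, hash.Length - 8, token, 0, 8);
            Array.Reverse(token);
            return BitConverter.ToString(token).Replace("-", "").ToLowerInvariant();
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: StrongNameState <assembly>");
            return 2;
        }
        byte[] key = AssemblyName.GetAssemblyName(args[0]).GetPublicKey();
        bool hasKey = key != null && key.Length > 0;

        bool signedFlag;
        using (var stream = File.OpenRead(args[0]))
        using (var pe = new PEReader(stream))
        {
            CorHeader cor = pe.PEHeaders.CorHeader; // defensive: null without a CLR header
            signedFlag = cor != null && (cor.Flags & CorFlags.StrongNameSigned) != 0;
        }

        string state = !hasKey ? "unsigned" : signedFlag ? "fully signed" : "delay-signed";
        Console.WriteLine("{0}: {1}, PublicKeyToken={2}",
            Path.GetFileName(args[0]), state, hasKey ? Token(key) : "null");
        // Non-zero exit lets a release build reject anything not fully signed.
        return state == "fully signed" ? 0 : 1;
    }
}
```

Run it against helloassembly.dll after each csc or sn -R step: the token changes only between the unsigned and the keyed builds, which is why hello.exe needs a recompile there and not after the final sn -R. `sn -v` remains the check that the signature actually verifies.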

Sign a .Net assembly

Filed under: .net, windows — broersa @ 9:03 am

A .Net assembly can be easily tampered with. Using ildasm one can get and alter the source code of an assembly (as explained in a previous blog). The solution is to sign the assembly to be sure it is not tampered with.

Let’s start with the Hello.cs assembly:


using System;

public class Hello
{
    [STAThread]
    static void Main(string[] args)
        {
            Console.WriteLine("Hello World!");
        }
}

To sign we need a keyset (private and public).
sn -k myKeySet.sln

compile the Hello.cs with this keyfile:
csc /keyfile:myKeySet.sln /target:exe /out:Hello.exe Hello.cs

Now we have a signed assembly. When we try to alter this with the steps in the previous blog we get the following error:

Unhandled Exception: System.IO.FileLoadException: Could not load file or assembly 'Hello, Version=0.0.0.0, Culture=neutral, PublicKeyToken=707e1a34ff51325c' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A)
File name: 'Hello, Version=0.0.0.0, Culture=neutral, PublicKeyToken=707e1a34ff51325c' ---> System.Security.SecurityException: Strong name validation failed. (Exception from HRESULT: 0x8013141A)
The Zone of the assembly that failed was:
MyComputer

When we assemble with the keyfile again we re-sign the new (altered) assembly. Of course this can’t be done if you don’t own the private key part of the original signer ;-). Also the hash of the assembly will be different, so all assemblies referencing this assembly have to be recompiled. In short: you can’t alter a signed assembly.

ilasm Hello.il /out:Hello2.exe /res:Hello.res /key:myKeySet.sln

or

sn -R hello2.exe myKeySet.sln

This results in a new (and definitely different) assembly.

De-assemble and Re-assemble a .Net assembly

Filed under: .net, windows — broersa @ 8:26 am

A .Net assembly can be de-assembled pretty easily. In this blog I create an assembly, then de-assemble, alter and re-assemble it.

Let’s start with the famous Hello.cs:


using System;

public class Hello
{
    [STAThread]
    static void Main(string[] args)
        {
            Console.WriteLine("Hello World!");
        }
}

build it:

csc /target:exe Hello.cs

de-assemble:

ildasm /out:Hello.il Hello.exe

edit the string “Hello World!” in the Hello.il file to something like “Hello Andre Broers!”

assemble:

ilasm /out:Hello2.exe /res:Hello.res Hello.il

Now we have the altered assembly.

By signing the assembly we can make sure the assembly isn’t tampered with. I will explain this in a next blog.

April 15, 2008

Install subversion on Windows

Filed under: subversion, svn, windows — broersa @ 7:08 am

The first thing to do is download and install the svn binaries from: tigris

After this, open a cmd shell and issue the command:

svnadmin create "c:\svnrep\"

Use an editor to open the file c:\svnrep\conf\svnserve.conf and uncomment anon-access, auth-access and password-db:

### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository.  (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.tigris.org/ for more information.

[general]
### These options control access to the repository for unauthenticated
### and authenticated users.  Valid values are "write", "read",
### and "none".  The sample settings below are the defaults.
anon-access = read
auth-access = write
### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the conf directory.
### Uncomment the line below to use the default password file.
password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control.  Unless you specify a path
### starting with a /, the file's location is relative to the conf
### directory.  If you don't specify an authz-db, no path-based access
### control is done.
### Uncomment the line below to use the default authorization file.
# authz-db = authz
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa.  The default realm
### is repository's uuid.
# realm = My First Repository

Edit the c:\svnrep\conf\passwd file and uncomment the default users:

### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.

[users]
harry = harryssecret
sally = sallyssecret

Now the server can be started:

svnserve --daemon --root "c:\svnrep\"

Open another cmd shell:

set SVN_EDITOR=c:\winnt\notepad.exe

C:\>svn mkdir svn://localhost/myproject

The favourite editor should come up and we can edit a description for the new project. After saving and exiting, the process goes on.

Authentication realm: <svn://localhost:3690> bb044873-667c-5c43-ab97-faafa55ddce9
Password for 'abr': *********
Authentication realm: <svn://localhost:3690> bb044873-667c-5c43-ab97-faafa55ddce9
Username: sally
Password for 'sally': ************

Committed revision 1.

C:\>svn ls svn://localhost/
myproject/

C:\>

The first project is created.
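The setup above leaves anonymous read access on and enables the sample accounts harry and sally from the stock passwd file. A tighter variant of the two files for a server that other machines can reach, as an added example that is not part of the original post (the account name and password are placeholders):

```ini
# c:\svnrep\conf\svnserve.conf
[general]
# No access without a login; authenticated users may commit.
anon-access = none
auth-access = write
password-db = passwd
# Optional: per-path rules in conf\authz instead of repository-wide write.
# authz-db = authz

# c:\svnrep\conf\passwd
[users]
# The sample accounts stay commented out.
# harry = harryssecret
# sally = sallyssecret
# Placeholder account. svnserve keeps these passwords in plain text,
# so restrict read access to the conf directory.
builduser = REPLACE-WITH-A-UNIQUE-PASSWORD
```

With anon-access = none, the svn ls svn://localhost/ call shown above prompts for credentials instead of listing the repository to any client.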
