代码签名程序集的启动时间 [英] Startup time of code signed assemblies

问题描述

阅读几篇文章，似乎最多提到延迟的初创公司只是.NET 1.1和2.0的一个问题？

我们还有一些VB6和c ++应用程序，这里的启动时间不应该通过代码签名产生任何影响吗？

或者代码签名一般减慢应用程序，因为该过程是同步的，仅适用于.NET< 4情况更糟？

在每次启动应用程序时都会进行在线检查，或者只在应用程序第一次启动时检查一次然后缓存在某处，缓存可能有效n天？

如果没有缓存：

代码是否签署了具有相同签名的n依赖关系的应用程序，对每个应用程序进行在线检查，或仅在应用程序上进行？

解决方案

您好 JannyD ，

感谢您发布在这里。

>>似乎最多提到延迟的初创公司只是.NET 1.1和2.0的问题

<我不确定这是.NET 1.1和2.0的延迟启动问题。您是否从官方文档中看到了延迟启动问题？

据我所知，延迟时间是创建
发布商 汇编的证据。  我认为这是代码访问安全机制。

如果您不需要
发布者 证据，你不能浪费时间。

>>因为该流程是同步的，仅适用于.NET< 4它更糟糕？

在.NET 4.0版本之后，.NET Framework为托管应用程序提供了一个双层安全模型。这是另一种方法，而不是发布者证据。 在该容器中，托管应用程序运行完全受信任

我不认为发布者的证据更糟。

公共语言运行时（CLR）尝试在加载时验证Authenticode签名

Best 此致，

Hart

Read several articles, seems most mention that the delayed startups were just an issue with .NET 1.1 and 2.0?

We have also some VB6 and c++ applications, the startup time here shouldn't have any affect through code signing?

Or will code signing in general slow down applications, since the process is synchronous, just for .NET < 4 it was worse?

Will the online check happen on each start of the application, or will it only check once, the first time the application gets started and is then cached somewhere and the cache is probably valid for n-days?

In case it is not cached:

Would an code signed application with n-dependencies that are signed with the same signature, make online checks for each of those, or just on the application?

解决方案

Hi JannyD,

Thank you for posting here.

>>seems most mention that the delayed startups were just an issue with .NET 1.1 and 2.0

I am not sure that this is a delayed startup issue for .NET 1.1 and 2.0. Did you see delayed startup issue from official document?

As far as I know that the delay time is to create Publisher evidence for the assembly.   I think that this is code access security mechanism.

If you don't need Publisher evidence, you can not waste the time.

>>since the process is synchronous, just for .NET < 4 it was worse?

After .NET 4.0 version, The .NET Framework provides a two-tier security model for managed applications. that is another method instead of publisher evidence.  Within that container, managed applications run fully trusted

I don't think the publisher evidence is worse.

The common language runtime (CLR) tries to verify the Authenticode signature at load time

Best  Regards,

Hart

这篇关于代码签名程序集的启动时间的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！