.NET核心程序集中的特殊PublicKey [英] Quite special PublicKey in .NET core assemblies
问题描述
我注意到核心.NET程序集的PublicKey =00000000000000000400000000000000。不仅它更短,而且那些sn.exe允许生成(最少384位),而且它还有很多零。
I've noticed that core .NET assemblies have PublicKey = 00000000000000000400000000000000. Not only it's shorter then those sn.exe allows to generate (min 384 bits) but also it has a lot of zeros.
如何使用如此花哨的公钥生成签名密钥?
How to generate signing key with such a fancy public key?
推荐答案
这是ECMA标准定义的公钥。
That's the ECMA Standard defined public key.
要处理三个相互矛盾的要求:
It's to deal with three conflicting requirements:
- 一种机制,可确保程序集由其创建者签名,并且不能由欺诈的另一方创建。
- 以如下方式公开定义CLI:人们可以自由地实现一个版本(Mono就是一个现实的例子)。
- 每个框架版本都提供一个标准的类库。
这三件事不能同时发生!
These three things can't happen at the same time!
如果我创建了一个.NET版本(第2点),那么我需要提供标准库的版本(第3点),该版本需要受信任(第1点),因此我需要对其进行签名以证明我是Microsoft。哦,等等,我不是Microsoft! (还是第二点)。
If I create a version of .NET (point 2), then I need to provide a version of the standard library (point 3), which needs to be trusted (point 1), so I need to sign it to prove that I'm Microsoft. Oh wait, I'm not Microsoft! (eh, point 2 again).
相反,发生的事情是:
-
我创建一个公共-私人密钥对。可以信任的人可以在我的框架库实现中构建程序集的新发行版,他们可以访问私钥,在CLI实现上进行任何工作的任何人都可以知道公钥。
I create a public-private key pair. People trusted to build new release versions of the assemblies in my framework library implementation have access to the private key, the public key can be known to anyone doing any work on the CLI implementation.
我将相关程序集标记为已使用与公钥 00000000000000000400000000000000 (在ECMA标准中定义)相对应的密钥进行了签名
I mark the relevant assemblies as having been signed with the key corresponding to the public key 00000000000000000400000000000000 (defined in the ECMA standard), though really they were signed with the private key mentioned above.
在CLI中的代码中,对声称已用对应于公钥的密钥签名的程序集进行的任何检查使用真实的公钥检查 00000000000000000400000000000000 。如果此检查成功,则只能由我们信任的人来建立这些程序集。
In the code in the CLI any check on an assembly that claims to have been signed with the key corresponding to the public key 00000000000000000400000000000000 is checked with the real public key. If this checks out, then it can only have been signed by someone we trust in building those assemblies.
当然,MS的框架将不信任我们的程序集,Mono的框架将不信任它们,并且我们将不信任它们中的任何一个,因为我们所有人都有与ECMA标准密钥相对应的不同实数键。
Of course, MS's framework won't trust our assemblies, Mono's won't trust them, and we won't trust either of theirs, because we all have different real keys corresponding to the ECMA standard key. Which is as it should be.
同时, 00000000000000000400000000000000 与任何实际有效的公钥都不匹配意味着它不可能与任何其他公钥冲突。
Meanwhile, the fact that 00000000000000000400000000000000 doesn't match any real valid public key means it's not possible for it to clash with any other public key.
这篇关于.NET核心程序集中的特殊PublicKey的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
