.NET:可执行文件应该使用强名称签名吗?私有DLL呢? [英] .NET: Should executables be strong-name signed? What about private DLLs?
问题描述
我的应用程序由三个程序集组成:单个EXE引用了两个DLL.这些DLL是我的应用程序专用的-仅由该可执行文件使用.
My application consists of three assemblies: a single EXE which references a couple of DLLs. The DLLs are private to my application - they are used only by this executable.
应该为这些程序集起一个好名字吗?
Should these assemblies be given a strong name?
FxCop建议他们-对于它当前生成的所有程序集:
FxCop suggests that they should - for all of the assemblies it currently produces:
CA2210:标志< assembly>带有强名称键.
CA2210: Sign <assembly> with a strong name key.
但是,此建议说:
通常,应避免对应用程序EXE程序集进行强命名.
In general, you should avoid strong-naming application EXE assemblies.
和
您可能要避免使用应用程序专用的强命名组件.
you may want to avoid strong-naming components that are private to your application.
我应该给这些程序集起一个好名字吗?在这种情况下,这样做(或不这样做)有什么好处?
Should I give these assemblies a strong name? What are the benefits of doing so (or not doing so) in this case?
看看具有相似结构的几个应用程序,似乎在这个问题上没有达成共识. Paint.NET 和 Crack.NET 的名称不是强名称,而 .NET Reflector 和 Snoop 是
Looking at several applications with a similar structure, there seems to be no consensus on this issue. The binaries of Paint.NET and Crack.NET are not strong-named, whereas those of .NET Reflector and Snoop are.
有趣的是,在Expression Suite中,Microsoft采用了后一种方法:例如,在Expression Blend中,他们选择对Blend.exe和随附的DLL(例如Microsoft.Expression.Blend.dll)进行强名称签名.
Interestingly, with the Expression suite Microsoft have taken the latter approach: in Expression Blend, for example, they have chosen to strong-name sign both Blend.exe and the accompanying DLLs (such as Microsoft.Expression.Blend.dll).
对于第一个问题,我似乎不太可能得到一个简单的答案:我应该给这些程序集起一个好名字吗?".但是,我的第二个问题仍然存在:
It seems that I am unlikely to receive a simple answer to my first question: "Should I give these assemblies a strong name?". However, my second question still stands:
在这种情况下强名称签名二进制文件有任何好处吗?或者,不这样做有什么好处吗?
Are there any benefits to strong-name signing binaries in this situation? Or, are there any benefits to not doing so?
如果没有压倒一切的理由,我倾向于给我的议会起个好名字.因此,我很想知道是否有人可以对此进行扩展(从第一个链接开始):
If there are no overwhelming reasons to go either way, I am inclined towards giving my assemblies a strong name. I'd thus be interested in whether anyone can expand upon this (from the first link):
强命名会使管理依赖项变得更加困难,并为私有组件增加不必要的开销."
"strong-naming can make it more difficult to manage dependencies and add unnecessary overhead for private components."
推荐答案
在我看来,在这种情况下,这些是强名称签名的好处:
As I see it, these are the benefits to strong-name signing in this situation:
- 防止攻击者将DLL替换为使用另一个密钥签名的DLL(或根本没有签名),而不替换EXE(因为EXE包含包含公钥的引用).
- 防止攻击者在保留现有密钥的同时修改程序集(因为这将导致签名验证失败).但是请注意,从.NET 3.5 SP1开始,这种情况下的签名验证为
- Prevents an attacker replacing a DLL with one signed using another key (or not signed at all), without also replacing the EXE (since the EXE contains a reference which includes the public key).
- Prevents an attacker modifying an assembly while retaining the existing key (since this will cause signature verification to fail). Note, however, that as of .NET 3.5 SP1, signature verification in this situation is disabled by default.
- Could prevent the application from running with mismatched versions of assemblies - if a DLL has been incorrectly replaced due to a deployment error, the application will fail to load it rather than trying to use a (potentially incompatible) wrong version.
- Avoids FxCop warnings.
以及签名的缺点(我相信这些是链接的文章所指的内容):
And the drawbacks to signing (I believe these are what the linked article is referring to):
- 用兼容的较新版本替换DLL(例如,为了修复错误)需要替换EXE.
- 在.NET版本中< 3.5 SP1中,由于签名验证,强名称程序集的加载时间更长.
- 以名字命名的DLL的加载时间也更长,因为加载器在本地查找之前会对GAC进行搜索(在这种情况下是徒劳的).
选择是强命名(因此需要引用以匹配确切的键和确切版本)还是不强命名(并且既不需要匹配),也似乎很可耻.如果可能需要密钥而不是特定版本,则可能有可能获得签名的前两个好处,而不会同时出现第一个缺点.也许可以通过应用一个强名然后使用app.config处理版本控制问题来做到这一点?
It does seem a shame that the choice is either strong-naming (and thus requiring references to match an exact key and an exact version), or not strong-naming (and not requiring either to match). If it were possible to require a key but not a particular version, perhaps it would be possible to get the first 2 benefits of signing without also getting the first drawback. Maybe this is possible by applying a strong name and then dealing with the versioning issue using app.config?
这篇关于.NET:可执行文件应该使用强名称签名吗?私有DLL呢?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
