在C＃中验证的DLL [英] Authenticating DLLs in C#

问题描述

我有一个exe文件，它使用温莎城堡来实现插件机制。我需要验证插件从我，我的负载来（而不是某些恶意code）。

I have an exe which uses Castle Windsor to implement a plugin mechanism. I need to verify that the plugins I load came from me (and are not some malicious code).

我相信我需要签署双方的EXE和非对称密钥的DLL（可能是SNK？）。首先这是正确的，我该怎么办呢？其次我如何验证编程，该dll的来自于一个可信赖的来源？

I believe I need to sign both the exe and the dll with an asymmetric key (possibly a SNK?). Firstly is this correct and how can I do this? Secondly how can I verify programmatically in the exe that the the dll came from a trusted source?

推荐答案

如果您注册您的DLL，然后在运行时，你可以查看 强名称 的DLL，然后再加载它。

If you sign your DLL then at runtime you can check the StrongName of the DLL before you load it.

您也可以检查公钥用于签名的是，你没有想到的人。

You could also check that the public key used to sign it is the one that you expect.

要得到一个程序集的公钥，你可以这样做：

To get the public key of an assembly you can do this:

Assembly assembly = ...
AssemblyName assemblyName = assembly.GetName();
byte[] publicKey = assemblyName.GetPublicKey();

我只是检查，并有已经这个计算器上的一个很好的答案在这里：

I just checked and there's already a good answer about this on StackOverflow here:

http://stackoverflow.com/a/1350012/106159

这篇关于在C＃中验证的DLL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！