Is it wrong to use a digital signature to sign a strongly named assembly?

Question

Is it wrong to use a digital signature to sign a strongly named assembly?

I'm curious that thanks to Google research, I found out about digital signatures and much-named assemblies. Apparently, you can use a digital signature to sign a strongly-named build if you are really trying.

I suggest that with this practice, you can get around the purpose of a digital signature by using it in this way.

Microsoft says:

"Strong names alone do not imply such a level of trust as provided, for example, by a digital signature and a confirmation certificate."
- http://msdn.microsoft.com/en-us/library/wd40t7ad%28v=vs.110%29.aspx

Is it right to guess that using a digital signature in this way is actually bad practice that can create a security hole and certainly has no purpose? Or is it even possible? Does a digital signature use as a strong name, perhaps better, and then does nothing? Does it provide additional security beyond the correct digital signature.

+4

c # .net-assembly digital-signature strongname

amalgamate Mar 6 '14 at 20:30

source share

3 answers

?

. .

, .

, . , .

, , ,

, , . , . .

( , ).

, ?

" , , , ".

. , . . .

-, , , .

, ! , . , . , , , , , , . , , , .

, , ?

, .

, (, .)?

? , , - , , , .

?

, .

- , ( , , ( )), , ?

, , . , ?

+10

Eric Lippert 06 . '14 22:32

, . " ": " ". , , ( , .Net ).

, , , ( SSL- HTTPS), .

, , , "", , / "". " FooBar", " /, ".

: "" (, Framework, Microsoft), - " X", .

, - .NET.

+4

Alexei Levenkov 06 . '14 20:45

JimmiTh · Accepted Answer · 2014-03-06T21:41:33+0000

Just dividing this into clear bits, because I'm not quite sure what you are asking.

Can I use a private digital signature key (for example, Authenticode) to name a node?

, , .

?

, , . , , - , . , , , .

, ?

. , , , , , - . - . , .

ETA: , , , , Authenticode ( ).

Is it wrong to use a digital signature to sign a strongly named assembly?

More articles: