Information Technology Reference
In-Depth Information
Strongly Named Assemblies
A
strongly named
assembly is one that has a unique digital signature attached to it. Strongly
named assemblies are much more secure than assemblies that do not have strong names, for
the following reasons:
Uniqueness of the assembly. No one else can create an assembly with the same strong
name, so the user can be sure that the assembly came from the claimed source.
The contents of an assembly with a strong name cannot be altered without the security
components of the CLR catching the modification.
A
weakly named
assembly is one that is not strongly named. Since a weakly named assem-
bly does not have a digital signature, it is inherently insecure. Because a chain is only as strong
as its weakest link, strongly named assemblies can access only other strongly named
assemblies.
The programmer does not produce the strong name. The compiler produces it by taking
information about the assembly and hashing it to create a unique digital signature that it
attaches to the assembly. The information components it uses in the hash process are the
following:
The sequence of bytes composing the assembly
The simple name
The version number
The culture information
The public/private key pair
