Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
372 views
in Technique[技术] by (71.8m points)

.net - What is a .snk for?

What is a .snk file for? I know it stands for Strongly Named Key, but all explanations of what it is and how it works goes over my head.

Is there any simple explanation on how a strongly named key is used and how it works?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

The .snk file is used to apply a strong name to a .NET assembly. such a strong name consists of

a simple text name, version number, and culture information (if provided)—plus a public key and a digital signature.

The SNK contains a unique key pair - a private and public key that can be used to ensure that you have a unique strong name for the assembly. When the assembly is strongly-named, a "hash" is constructed from the contents of the assembly, and the hash is encrypted with the private key. Then this signed hash is placed in the assembly along with the public key from the .snk.

Later on, when someone needs to verify the integrity of the strongly-named assembly, they build a hash of the assembly's contents, and use the public key from the assembly to decrypt the hash that came with the assembly - if the two hashes match, the assembly verification passes.

It's important to be able to verify assemblies in this way to ensure that nobody swaps out an assembly for a malicious one that will subvert the whole application. This is why non-strong-named assemblies aren't trusted in the same way that strongly-named assemblies are, so they can't be placed in the GAC. Also, there's a chain of trust - you can't generate a strongly-named assembly that references non-strongly-named assemblies.

The article "The Secrets of Strong Naming (archived at the Wayback Machine)". Does an excellent job of explaining these concepts in more detail. With pictures.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...