Checking an assembly for a strong name
Is it possible to check if a dynamically loaded assembly has been signed with a specific strong name?
Is it enough / secure to compare the values returned from AssemblyName.GetPublicKey() method?
Assembly loaded = Assembly.LoadFile(path);
byte[] evidenceKey = loaded.GetName().GetPublicKey();
if (evidenceKey != null)
{
byte[] internalKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
if (evidenceKey.SequenceEqual(internalKey))
{
return extension;
}
}
Can't this be spoofed? I am not sure if the SetPublicKey() method has any effect on a built assembly, but even the MSDN documentation shows how you can use this on a dynamically generated assembly (reflection emit) so that would mean you could extract the public key from the host application and inject it into an assembly of your own and run mallicious code if the above was the safe-guard, or am I missing something?
Is there a more correct and secure approach? I know if the reversed situation was the scenario, that is, where I wanted to secure the assembly from only being called by signed hosts then I could tag the assembly with the StrongNameIdentityPermission attribute.
Answer
There's little point in testing the strong name after the assembly got loaded. An attacker could simply inject a module constructor in the assembly and execute any code desired. The .NET 3.5 SP1 version of the framework followed suit and is no longer verifying the strong name of assemblies that get loaded from trusted locations. Startup times improve by about 40%.
The key point is: once an attacker compromises the machine to a point where he is able to inject an assembly in the probing path of your application, he won't bother doing it the hard way. He'd just replace your EXE file.