Each signed .NET has both a public key token (8 byte) and a public key (128 bytes). What is the difference between the 2, and why do we need two public "keys"?
Asked
Active
Viewed 3,953 times
1 Answers
9
Public Key token is just the hash of the public key. Here for info.
UPDATE
Why we need public key?
Since assembly can be signed and signed assemblies will contain the public key. When loading DLL .NET will use the public key to validate the assembly against the signature. Signature can be only generated using the private key while public key itself can be used for validating the signature.
This process makes sure assembly is not tampered with.
From CLR via C#:
Signing an assembly with a private key ensures that the holder of the corresponding public key produced the assembly. When the assembly is installed into the GAC, the system hashes the contents of the file containing the manifest and compares the hash value with the RSA digital signature value embedded within the PE file (after unsigning it with the public key). If the values are identical, the file's contents haven't been tampered with, and you know that you have the public key that corresponds to the publisher's private key. In addition, the system hashes the contents of the assembly's other files and compares the hash values with the hash values stored in the manifest file's FileDef table. If any of the hash values don't match, at least one of the assembly's files has been tampered with, and the assembly will fail to install into the GAC.
UPDATE 2
Why public key token needed? Since public key is too big to work with so (Again from CLR visa C#):
The size of public keys makes them difficult to work with. To make things easier for the developer (and for end users too), public key tokens were created. A public key token is a 64-bit hash of the public key. SN.exe's -tp switch shows the public key token that corresponds to the complete public key at the end of its output. Because public keys are such large numbers, and a single assembly might reference many assemblies, a large percentage of the resulting file's total size would be occupied with public key information. To conserve storage space, Microsoft hashes the public key and takes the last 8 bytes of the hashed value. These reduced public key values—known as public key tokens—are what are actually stored in an AssemblyRef table. In general, developers and end users will see public key token values much more frequently than full public key values. Note, however, that the CLR never uses public key tokens when making security or trust decisions because it is possible that several public keys could hash to a single public key token.
Aliostad
- 80,612
- 21
- 160
- 208
-
Yes, but then why use a public token? – sthiers Mar 30 '11 at 15:37
-
Thnaks for the update Aliostad, but I probably was not clear enough: my question is more about the token: it looks like a redundant data, so I wonder why we need it. Is it just because it's shorter and do not produce long strings? (that seems a bit strange to me to justify the usefullness of the token for that) – sthiers Mar 31 '11 at 07:33
-
@Aliostad hi, if i need to get the public key in order to use it with fullTrustAssemblies , do you know what can I do?.. i try to use sn with no success. thanks in advance... brgds – s_h Feb 28 '12 at 03:25
-
@sebastian_h do you not mean public key token that then you may specify in assembly attributes? – Aliostad Feb 28 '12 at 10:05
-
@Aliostad Hi, I was needing public key as ffulltrustassemblies request to grant different permissions. finally I found the way with sn but it seems that I have a problem with my dev box so -> reinstalling .net and mvc.. thank you for your reply! – s_h Feb 28 '12 at 15:07
-
"%ProgramFiles%\Microsoft SDKs\Windows\v7.1\Bin\sn.exe" -T myfile.dll – Barton Jan 08 '13 at 08:20