Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
When I add a reference to my project which is a STRONGLY NAMED ASSEMBLY, I am ensured that I will always be using that particular assembly produced by that particular company.
Does this mean that the private key on that strongly-named assembly is copied to my project’s assembly for verification? (I assume to to verify that the refered assembly is not tampered, the hash-code should be copied on the refering assembly in order to compare)
No, if you had access to some other company’s private key, it would mean their private key is compromised and that you can create assemblies successfully pretending to be them.
What actually happens is that you assembly will contain a public key (or a public key token) that can be used to verify that the assembly was created by someone who owns the corresponding private key.
The actual signature of the assembly is not copied, because in some cases (like bugfixes) it makes sense to treat updated version of the assembly you’re referring to as if it was the same as the old one.