1. Strong Name Tool – SN
.NET delivers DLL and EXE files in the form of assemblies. We can build the assemblies with strong names so that only authorised persons can change the code. .NET provides a tool called the Strong Name tool (sn.exe), which we can use to create security keys. In this example, we will learn how to:
- Create private-public key pairs.
- Extract only the public key from the pair.
- View the public key and token.
- Store the keys in a key container.
2. Generating Key-Pairs using Strong Name Exe
The command below generates the key pair and stores it in a file called TestKey.snk in the folder C:\Temp2.
- SN – the command; it stands for Strong Name.
- -k – this switch specifies that we want to generate the key pair.
- Name and location of the key pair file.
- The output shows that the key pair was written successfully.
The key pair is a combined key file that includes both the private and the public key. From this key pair, we can also fetch the public key and store it in a separate file.
3. Extract Public Key from Key Pair File
In the previous section, we generated the key file, which is a combination of the public and private keys. The command below extracts the public key from the key pair and stores it in a separate file.
- The command – Strong Name.
- The switch -p tells the tool that we want to extract the public key from the key file.
- Name of the source file. Note that this is the file we created in the previous section, which contains both the public and private keys.
- The location where we want to save the public key file. In our case, we named this file TestPublicKey.snk.
- When all goes well, we will see a message stating that the public key is ready in a separate file.
Now we have a separate file for the public key. How do we see its content?
4. View the Token & Hashing of Public Key File
With the Strong Name tool, we can supply the switch -tp to view the public key content. For more details, look at the commands below:
- The switch -t tells the tool that we want to view the public key token only. A token is a short form of the public key for easy identification, but it is not the actual key.
- Name of the public key file, which stores the public key.
- Shows the simplified version of the public key, often called the key token.
- The switch -tp tells the tool that we want to see the complete hash of the public key as well as the simplified token.
- Name of the public key file that we want to view.
- Hash code of the public key. It is complex and time-consuming to compare by eye, though easy for a computer. For this reason, we have the public key token when we need to check that a public key is the right one.
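Section 4 describes the token as a short form of the public key. As an added example (not part of the original article and not Microsoft's code), the Python below derives the token from the bytes of a public key file such as TestPublicKey.snk, taking the last 8 bytes of the file's SHA-1 hash in reverse order, and refuses a key-pair file offered where a public key is expected. The sample blob uses a made-up modulus and all function names are hypothetical.

```python
import hashlib
import struct

CALG_RSA_SIGN, CALG_SHA1 = 0x2400, 0x8004  # SigAlgID / HashAlgID fields in sn -p output


def build_sample_blob(modulus: bytes) -> bytes:
    """Constructed stand-in for TestPublicKey.snk: correct layout, not a real key."""
    key = struct.pack("<BBHI", 0x06, 0x02, 0, CALG_RSA_SIGN)       # BLOBHEADER
    key += struct.pack("<4sII", b"RSA1", len(modulus) * 8, 65537)  # RSAPUBKEY
    key += modulus
    return struct.pack("<III", CALG_RSA_SIGN, CALG_SHA1, len(key)) + key


def looks_like_key_pair(data: bytes) -> bool:
    """True if the bytes are a PRIVATEKEYBLOB, the format sn -k writes."""
    return len(data) >= 12 and data[0] == 0x07 and data[8:12] == b"RSA2"


def parse_public_key_blob(blob: bytes) -> dict:
    """Validate the public-key-only layout and return its header fields."""
    if looks_like_key_pair(blob):
        raise ValueError("file contains a private key, not a public-key-only blob")
    if len(blob) < 32:
        raise ValueError("too short for a public key blob")
    sig_alg, hash_alg, cb_key = struct.unpack_from("<III", blob, 0)
    if cb_key != len(blob) - 12:
        raise ValueError("cbPublicKey does not match the file size")
    if blob[12] != 0x06 or blob[20:24] != b"RSA1":
        raise ValueError("not an RSA PUBLICKEYBLOB")
    (bits,) = struct.unpack_from("<I", blob, 24)
    return {"sig_alg": sig_alg, "hash_alg": hash_alg, "bits": bits}


def public_key_token(blob: bytes) -> str:
    """Token as 16 hex digits: last 8 bytes of SHA-1(blob), byte-reversed."""
    parse_public_key_blob(blob)  # raises on malformed or private-key input
    return hashlib.sha1(blob).digest()[-8:][::-1].hex()


def token_matches(blob: bytes, pinned: str) -> bool:
    """Compare a key file against a token pinned in a build or review checklist."""
    return public_key_token(blob) == pinned.strip().lower()


if __name__ == "__main__":
    sample = build_sample_blob(bytes(range(128)))  # constructed modulus
    print(parse_public_key_blob(sample), public_key_token(sample))
```

To check a real file, read it with `open(path, "rb").read()` and compare the result with the token the tool prints for the same file.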
5. Using Key Container via Strong Name
The public key can be shared and there is no need to protect it. The same is not true of the private key: in the wrong hands, it can be used to modify your assembly and pose a security threat to your customers. So it is a good idea to keep the combined key file in a key container, which is taken care of by the Windows security system. Once the key pair is in the container, the file can be deleted. Now look at the command below:
- The switch -i tells the tool that we want to install the key file into a container.
- Name of the key file, which contains both the private and public keys.
- Name of the container in which the key file will be guarded.
- The command output tells us that the key pair is kept in the container.
Once you see the message, you can delete the key file, in this case TestKey.snk. This way we protect the private key bundled in the key file. If you no longer want the container, you can issue the delete command. This deletes all the key files in the container. Below is the command:
- The switch -d tells the tool to delete the container.
- Name of the container. Note that if the container has more than one key file, all will be deleted.
- After successful execution of the command, the message indicates that the key container is deleted. This implies that all the keys it held were deleted as well.
Generating and storing the private and public keys is useful when you want to deal with security. It will be useful when you want to build an assembly with a strong name key so that you can claim full ownership of the code.