Re: Code Signing And Hacking
From: Andreas Hakansson (andreas.hakansson_at_nospam.com)
Date: 10/15/04
- Next message: Morten Lyhr: "Href/Exe and Async SWE 2.0SP1 CAS Security error"
- Previous message: Sparky: "Re: Security Context in Threads"
- In reply to: Eugene Mayevski: "Re: Code Signing And Hacking"
- Next in thread: Eugene Mayevski: "Re: Code Signing And Hacking"
- Reply: Eugene Mayevski: "Re: Code Signing And Hacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Oct 2004 09:45:41 +0200
"Eugene Mayevski" <mayevski@eldos.org> wrote in message
news:uz$MggjsEHA.1468@TK2MSFTNGP12.phx.gbl...
> Hello!
> You wrote on Thu, 14 Oct 2004 10:53:32 -0700:
>
> V> 1. Is it possible to recompile back into an executable (since the original
> V> one was signed) and the hacker doesn't have a certificate?
>
> Yes.
>
> V> 2. If (1) is true, then would runtime detect that it has been hacked?
>
> No.
>
> Code signing is not aimed at protecting you against the hacker, but at
> identifying the vendor of the package. All in all, signing is signing and not
> encryption. If you want to protect the code, then start with obfuscation
> and see more specific topics about this.
Not quite sure, but if he is talking about strong naming then your statement
is untrue. When you strong name an assembly, a SHA1 hash is created of your
assembly, which in turn is encrypted with the private key. The encrypted hash
is then placed in your assembly along with the public key. These two
(encrypted hash and public key) are referred to as the digital signature of
your assembly.

Tampering would be impossible since, when loaded, the CLR computes a SHA1
hash of the assembly and the public key is used to decrypt the encrypted hash
created when the assembly was signed. It then compares the two and determines
if they are the same. If not, the CLR assumes it's been corrupted in some way
(tampering being one possible explanation).

So strong naming provides both a way of identifying if the code is from a
specified (and perhaps trusted) source as well as a way to determine if it has
been tampered with.
> With best regards,
> Eugene Mayevski
HTH,
.Andreas
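The hash-sign-embed-verify cycle Andreas describes, as an added example that is not part of the original thread and not the .NET strong-name tooling itself. It models the check on an in-memory byte array using the plain `System.Security.Cryptography.RSA` API (assumes .NET 5 or later): SHA1 over the image, an RSA signature made with the private key, and verification with only the embedded public key. The "assembly image" is a constructed byte string, and the signature blob layout is a simplification of the real strong-name format; the public key token rule (last 8 bytes of SHA1 of the key, reversed) is the real .NET rule but is applied here to a SubjectPublicKeyInfo encoding rather than a strong-name key blob, so the printed token will not match what `sn -T` shows for a real key.

```csharp
// Added example: models the strong-name load-time check on an in-memory image.
// Not the CLR's own code; uses the generic RSA API rather than sn.exe / AssemblyName.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class StrongNameModel
{
    // "Signing": SHA1 hash of the assembly image, RSA-signed (PKCS#1 v1.5) with the
    // private key. Returns the signature plus the public key that would be embedded
    // in the assembly next to it.
    public static (byte[] signature, byte[] publicKey) Sign(byte[] image, RSA privateKey)
    {
        byte[] signature = privateKey.SignData(image, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
        byte[] publicKey = privateKey.ExportSubjectPublicKeyInfo();
        return (signature, publicKey);
    }

    // "Loading": recompute SHA1 over the image and check it against the signature
    // using only the embedded public key. Any changed byte in the image makes this
    // return false, which is the tamper detection Andreas refers to.
    public static bool Verify(byte[] image, byte[] signature, byte[] publicKey)
    {
        using RSA verifier = RSA.Create();
        verifier.ImportSubjectPublicKeyInfo(publicKey, out _);
        return verifier.VerifyData(image, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
    }

    // Public key token as .NET derives it: last 8 bytes of SHA1(publicKey), reversed.
    // Applied here to the SPKI bytes (constructed example), not a strong-name key blob.
    public static string PublicKeyToken(byte[] publicKey)
    {
        byte[] hash = SHA1.HashData(publicKey);
        byte[] token = hash.Skip(hash.Length - 8).Reverse().ToArray();
        return BitConverter.ToString(token).Replace("-", "").ToLowerInvariant();
    }

    static void Main()
    {
        // Constructed stand-in for an assembly image (real images are PE files).
        byte[] image = Encoding.ASCII.GetBytes("MZ...pretend this is the IL and metadata of MyLib.dll");

        using RSA privateKey = RSA.Create(2048);
        var (signature, publicKey) = Sign(image, privateKey);
        Console.WriteLine($"public key token:         {PublicKeyToken(publicKey)}");
        Console.WriteLine($"untouched image verifies: {Verify(image, signature, publicKey)}");

        // Flip one byte of the image, leaving signature and public key in place,
        // and re-run the load-time check: it fails, so the modified image is rejected.
        byte[] patched = (byte[])image.Clone();
        patched[patched.Length - 1] ^= 0xFF;
        Console.WriteLine($"patched image verifies:   {Verify(patched, signature, publicKey)}");
    }
}
```

The untouched image verifies as `True` and the patched one as `False`. On a real assembly the equivalent check is exposed by the SDK's `sn.exe -vf MyLib.dll`; note that it only tells you the image matches the signature made with the embedded key, not that the key belongs to anyone you trust, which is why Andreas separates "from a specified source" from "trusted".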