Re: Certification Authority, code signing, code access



"Eugene" <Eugene@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:83483BE8-9674-4302-8084-C506DA0F8533@xxxxxxxxxxxxxxxx
Thanks, please see my follow up question below.

"Nicole Calinoiu" wrote:

"Eugene" <Eugene@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1036870E-A959-47A1-B17D-BA2F1939D150@xxxxxxxxxxxxxxxx
Hi, can I configure/program my vb.net exe/dll to trust only a particular
Certification Authority (CA)?

Yes, but you can't make the CLR trust only your CA.
[E] What is the difference between my program trusting it, and CLR
trusting it?

If you want to prevent the CLR from loading an assembly based on the CA that
issued its Authenticode signing certificate, you would need to modify the
CLR's behaviour in a way that is not possible without hacking the CLR.
However, you can certainly add a CA verification to your own code that loads
your plug-in assemblies.

[E] Yes, mine is a plug-in scenario, I wouldn't know the exact identity
until runtime. So, I would want to limit plugins that my program would
load; how should I do this?

The easiest approach would probably involve simply checking the issuing CA
for the assembly signing certificate. For example, if the CA name is enough
for you, something like this should do the trick:

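    using System.Collections;
    using System.Reflection;
    using System.Security.Policy;

    // Returns true only if the assembly carries Publisher evidence whose
    // certificate names the expected issuing CA.
    private bool CheckCA(Assembly assembly)
    {
        bool retVal = false;

        Publisher publisher = this.GetPublisher(assembly);
        if (publisher != null)
        {
            // Issuer is the distinguished name of the CA that issued the signing certificate.
            retVal = (publisher.Certificate.Issuer == "<your CA>");
        }

        return retVal;
    }

    // Returns the first Publisher evidence for the assembly, or null if it has none.
    private Publisher GetPublisher(Assembly assembly)
    {
        IEnumerator evidenceEnumerator = assembly.Evidence.GetEnumerator();
        while (evidenceEnumerator.MoveNext())
        {
            Publisher publisherEvidence = evidenceEnumerator.Current as Publisher;
            if (publisherEvidence != null) return publisherEvidence;
        }

        return null;
    }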

In the above approach, you don't need to check if the assembly's
Authenticode signature is valid since publisher evidence is not issued by
the CLR for an assembly with an invalid signature.


[E] Consider we can obfuscate the code, which makes it harder to modify
the code; how can I "can control criteria for the issuing CA for an
assembly's signature"? Thanks, I don't have much knowledge or experience
on this, I would need a clearer description and help. Thanks again.

If you don't obfuscate the code that performs the CA verification, it would
be trivial to modify your application to eliminate or modify the
verification. Obfuscation just makes it more difficult to find the code
that performs the verification and then figure out exactly what it is doing.
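
A stricter variant of the CA check, added here as an example and not part of the original post: an issuer name is only a string inside the certificate, so this version builds the signer's chain and compares the thumbprints of the CA certificates in it against a pinned value. The class name, method names and thumbprint placeholder are assumptions; it targets the .NET Framework, where Assembly.Evidence is available.

```csharp
using System;
using System.Reflection;
using System.Security.Cryptography.X509Certificates;
using System.Security.Policy;

static class PluginCaCheck
{
    // Placeholder (assumption): thumbprint of the CA certificate you trust, hex without spaces.
    const string PinnedCaThumbprint = "<THUMBPRINT-OF-YOUR-CA-CERTIFICATE>";

    // True only if the signer certificate chains up through the pinned CA certificate.
    public static bool IsIssuedByPinnedCa(X509Certificate signer, string pinnedThumbprint)
    {
        if (signer == null) return false;

        X509Chain chain = new X509Chain();
        // Build() validates the chain against the machine's trust stores at the
        // current time, so an expired or untrusted signer certificate is rejected.
        if (!chain.Build(new X509Certificate2(signer))) return false;

        // Element 0 is the signer itself; the issuing CAs follow, ending at the root.
        for (int i = 1; i < chain.ChainElements.Count; i++)
        {
            string thumbprint = chain.ChainElements[i].Certificate.Thumbprint;
            if (string.Equals(thumbprint, pinnedThumbprint, StringComparison.OrdinalIgnoreCase))
                return true;
        }
        return false;
    }

    // Looks up the Publisher evidence of a loaded plug-in and applies the pinned-CA check.
    public static bool CheckPlugin(Assembly assembly)
    {
        foreach (object item in assembly.Evidence)
        {
            Publisher publisher = item as Publisher;
            if (publisher != null)
                return IsIssuedByPinnedCa(publisher.Certificate, PinnedCaThumbprint);
        }
        return false;   // no Publisher evidence: treat the plug-in as untrusted
    }
}
```

A signer certificate that is self-signed yields a chain with only element 0, so it never matches the pinned CA.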


