Re: Certification Authority, code signing, code access

"Eugene" <Eugene@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
Thanks, please see my follow up question below.

"Nicole Calinoiu" wrote:

"Eugene" <Eugene@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
Hi, can I configure/program my exe/dll to trust on only a
Certification Authority (CA)?

Yes, but you can't make the CLR trust only your CA.
[E] What is the difference between my program trusting it, and CLR
trusting it?

If you want to prevent the CLR from loading an assembly based on the CA that
issued its authenticode signing certificate, you would need to modify the
CLR's behaviour in a way that is not possible without hacking the CLR.
However, you can certainly add a CA verification to your own code that loads
your plug-in assemblies.

[E] Yes, mine is a plug-in scenario, I wouldn't know the exact identity
until runtime. So, I would want to limit plugins that my program would
how should I do this?

The easiest approach would probably involve simply checking the issuing CA
for the assembly signing certificate. For example, if the CA name is enough
for you, something like this should do the trick:

private bool CheckCA(Assembly assembly)
bool retVal = false;

Publisher publisher = this.GetPublisher(assembly);
if (publisher != null)
retVal = (publisher.Certificate.Issuer == "<your CA>");

return retVal;

private Publisher GetPublisher(Assembly assembly)
IEnumerator evidenceEnumerator = assembly.Evidence.GetEnumerator();
while (evidenceEnumerator.MoveNext())
Publisher publisherEvidence = evidenceEnumerator.Current as
if (publisherEvidence != null) return publisherEvidence;

return null;

In the above approach, you don't need to check if the assembly's
authenticode signature is valid since publisher evidence is not issued by
the CLR for an assembly with an invalid signature.

[E] Consider we can obfuscate the code, which makes it harder to modify
the code; how can i "can control criteria for the issuing CA for an
assembly's signature" ? Thanks, I don't have much knowledge or experience
this, I would need a clearer description and help. Thanks again.

If you don't obfuscate the code that performs the CA verification, it would
be trivial to modify your application to eliminate or modify the
verification. Obfuscation just makes it more difficult to find the code
that performs the verification then figure out exactly what it is doing.


Relevant Pages

  • Re: Help How to add publisher condition ??
    ... Sign your assembly with the .SPC file ... already have a private key to embed in the certificate. ... > of my test assembly and see by implementing that publisher certificated ... You are not allowed to sign assemblies that you do not own and ...
  • Re: Do all the .Net products get signed using digital signatures?
    ... verify the entire certificate chain, so assembly load times will be slower ... than with strongly named assemblies. ... At load time the CLR creates a hash ... They bind a public key to an identity. ...
  • Re: OWA published in ISA (SBS 2000)
    ... is that the name on the SSL cert matches the URL used to access the site. ... certificate is current, and that you've chosen to trust the publisher). ... > Merv Porter [SBS MVP] ...
  • Re: OWA published in ISA (SBS 2000)
    ... > You don't have to be hosting a public website (other than OWA). ... > access a website using SSL, your browser checks the SSL certificate for 3 ... > publisher that generated the SSL certificate. ... I would recommend purchasing an SSL cert from a trusted ...
  • Access 2003 Runtime With Digital Certificates
    ... only way to add your certificate to the Trusted Publishers list is through ... this publisher and open them automatically'. ... Subsequent open attempts on DB opens without warning. ... Use Remove button on Trusted Publisher tab to remove ourself from Trusted ...