Objective: To ensure an adequate level of protection against reversing the assembly.

What has already been tried: the signature was made by the strict name of all the assemblies of the project, but in fact it does not give anything and is stupidly removed by reflexil. It was thought to send some parameters to the server, for example SHA1Token ( sha1 hash from the last 8 bytes of the public key). Those. the calculation was that the reverser could not forge a token, but unfortunately the idea failed, the public key (and the token from it) can be sn.exe with the same sn.exe utility from the studio kit.

Question: what can the use of (test / commercial) digital certificates (signature with signtool ) give for protection, what are the differences from the signature with a strong name? Is it possible to impose one on the other (a certificate for a strict signature)?

  • five
    I could be wrong, but it seemed to me that all the signatures are only protection against fakes, if something picks up your application, it will not put the signature back and the user will see that it is self-defense ... ... - pavel

1 answer 1

Digital signature tasks - certifying authorship and immutability. That is, for a signed data block, you can say who signed it and that, since the moment of signing, the data block has not changed. Signature has no relation to protection against reversing.