3

I have executables written in C#. I want to try this situation on my Windows service. Normally we started the executable in our program using the code below:

// requires: using System.Diagnostics;
Process process = new Process();
process.StartInfo.FileName = "applicationpathandname.exe"; // path and name of the executable
process.Start();

I want to compare my executable for sign or password before I start it. If the sign or password doesn't match, it should exit the main program in the Windows service. So my pseudocode would be like this:

*/load exe
*/compare sign or password of my assembly
*/if match start exe 
*/else exit main program

In effect, I have two questions:

  1. Can I sign or password protect any executable or assembly?
  2. Can I reach that sign or password executable in my other C# program?
Yuck
enginocal
  • Do you want to encrypt the exe? Sure, you could do this (encrypt the exe and decrypt it before calling it), but why would you want this? It's your server, why protect the exes from your own service? – Random Dev Aug 25 '11 at 14:55
  • MSFT has the signtool to perform the actual code-signing and it can be automated. Verifying the signature is valid is done by the OS when the app starts up –  Aug 25 '11 at 14:56
  • Oh ... I think I got it - you want to start only exes you can be sure are ok - like the situation on XBox, WinPhone, etc. where the programs need to be signed by Microsoft in order to run on the devices - right? – Random Dev Aug 25 '11 at 14:56
  • Exactly as you said, CKoenig. I want to start only an exe that I can be exactly sure is signed. At first I added snk files to my solutions, but I can't read the password that the snk files include. – enginocal Aug 25 '11 at 14:59

2 Answers

1

I am not sure if I got your question right, but I'll try my best.

You can strong-name your assemblies with the sn tool. Here is a short tutorial: http://sharpertutorials.com/creating-strong-named-assemblies/

You can then add the created snk file to your projects in the solution. As a different option, instead of adding it manually in the

[assembly: AssemblyKeyFile("c:\\mykey.sn")]

attribute (as described in the article), you can define it even more easily in the properties of each project under the tab Signing => Sign the assembly and enter the path to your snk file there.

After strong-naming the assemblies you can perform some checks on its password:

Checking an assembly for a strong name

Community
Jens H
  • Thanks for your answer, but this way is very expensive for me, because when I have more (for example 10 or more) executables, this solution brings the weight of a lot of keys, so this way binds me to keeping public keys. – enginocal Aug 26 '11 at 06:57
  • You do **not** need a new key for every assembly! Preferably you only create *one* to always sign them to verify that it was **you** who created them. Or you create one for each application if you want to distinguish between them. – Jens H Aug 26 '11 at 07:28
0

I think in the end you want to hash the complete exe with SHA or another cryptographic hash and use some encryption algorithm (can be symmetric as you do the signing yourself, I guess) with a salt value to encrypt this hash. Then either pack the file's content together with the encrypted hash and the salt value into another file, or add only the hash + salt in an additional file besides the exe.

At runtime do the same again: get the bytes of the exe (or from the combined file), hash them and compare if the hash is the same as the decrypted hash.

If yes you can run the program, if no there is some mischief going on or some bytes got flipped ;)

Random Dev
  • CKoenig; this way is the nearest to what I want. But I have a doubt about this, because can my executables have the same hash? If it isn't, that load is expensive, because I must keep hash values for my executables this way. – enginocal Aug 26 '11 at 07:07
  • No, if you encrypt them you can save them beside the executable (or write them together with the exe's bytes in a new file) - you just have to check before running – Random Dev Aug 26 '11 at 07:15
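
An added example, not part of the answers above, of the check-before-start flow the second answer describes. It swaps the "encrypt the hash" step for an HMAC-SHA256 tag, which gives the same keyed comparison in one primitive. The `.mac` sidecar file, the class and method names, and the way the service obtains the key are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;

static class VerifiedLauncher
{
    // Tag produced at build/deploy time: HMAC-SHA256(key, exe bytes).
    // Assumed layout: the tag is stored next to the exe as "<exe>.mac".
    public static byte[] ComputeTag(Stream exe, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(exe);
    }

    // Compare without returning early on the first differing byte.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Returns the started process, or null when the tag does not match.
    // The key is assumed to come from storage only the service account can read.
    public static Process StartIfTrusted(string exePath, byte[] key)
    {
        byte[] expected = File.ReadAllBytes(exePath + ".mac");

        // FileShare.Read denies writers while this handle is open, so the
        // bytes that were checked are the bytes that get started.
        using (var exe = new FileStream(exePath, FileMode.Open,
                                        FileAccess.Read, FileShare.Read))
        {
            if (!SameBytes(ComputeTag(exe, key), expected))
                return null;

            var info = new ProcessStartInfo(exePath) { UseShellExecute = false };
            return Process.Start(info);
        }
    }
}
```

Because the key is symmetric, anyone who can read it can produce valid tags, so this check is only as strong as the protection on the key. A single key covers any number of executables; only the per-file tag differs.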