Integration with KeySecure
This section outlines the steps to integrate Microsoft Strong Name with KeySecure.
Strong Name is the part of Microsoft SDK that provides a mechanism to assign unique identities to .NET Framework assemblies. To get a valid strong name, an assembly is strong-name signed during the build process. This is achieved using the private key that corresponds to the public key in the strong name. The strong name signature can then be verified using the public key.
Strong names prevent code spoofing by a third party.
In order to integrate the KeySecure with MS Strong Name follow the steps below:
Run the SafeNetProtectApp CSP Provider using
makecert
command:makecert -sk CSP2TestKey -sp "SafenetProtectApp CSP Provider" –n "CN=Common Name" -r -ss mystore Test.cer
where:
- -sk: The location of the subject’s key container which holds the private key
- -sp: Subject CryptoAPI’s provider name
- -n: The name and details of the publisher’s certificate
- -ss: The name of the subject’s certificate store in which the generated certificate will be stored.
Note
Anything that contains spaces must be in double quotes ("").
Make the SafeNet ProtectApp CSP as a default CSP to use with MS Strong Name:
sn -c "SafenetProtectApp CSP Provider"
Extract the public key from the key-pair generated in step 2, using the following command.
sn.exe -pc CSP2TestKey TestKey.snk
where,
CSP2TestKey
andTestKey.snk
denotes the key container and public key file respectively.Following screen shows the extracted public key:
To sign a .NET assembly, write any C# program and open the Visual Studio command prompt to compile the program and sign the generated exe file. To do so, use the following command:
csc /delaysign+ /keyfile:TestKey.snk C:\Users\Administrator\Desktop\Program.cs
where,
/keyfile
is the public key extracting from the key-pair in the previous command.Note
Anything that contains spaces must be in double quotes ("").
Following screen shows the C# program that you created:
Sign the generated exe with Strong Name using the following command:
sn.exe -Rc C:\Users\Administrator\Desktop\myapp.exe CSP2TestKey
where,
CSP2TestKey
is the key container in which you have generated the key-pair.Verify the assembly is Strong Name signed using the following command:
sn.exe -v C:\Users\Administrator\Desktop\verification.exe