only be decrypted with the public key. Let's see an example for each scenario.
Before you send a message to Susan, Susan needs to generate the key pair containing the private key and the public key. Susan then freely distributes the public key to you (and all her other friends) but keeps the private key to herself. When you want to send a message to Susan, you use her public key to encrypt the message and then send it to her. Upon receiving the encrypted message, Susan proceeds to decrypt it with her private key. In this case, Susan is the only one who can decrypt the message because the key pair works in such a way that only messages encrypted with the public key can be decrypted with the private key. Also, there is no need to exchange secret keys, thus eliminating the risk of compromising the secrecy of the key.
The reverse can happen. Suppose Susan now sends a message encrypted with her private key to you. To decrypt the message, you need the public key. The scenario may seem redundant because the public key is not a secret; everyone knows it. But using this method guarantees that the message has not been tampered with and that it indeed comes from Susan. If the message had been modified, you would not be able to decrypt it. The fact that you can decrypt the message using the public key proves that the message has not been modified.
In computing, public key cryptography is a secure way to encrypt information. However, it is computationally expensive, because it is time-consuming to generate the key pairs and to perform encryption and decryption. It is usually used for encrypting a small amount of sensitive information.
To deploy an assembly as a shared assembly, you need to create a signature for your assembly by performing the following steps:
1. Generate a key pair containing a private key and a public key.
2. Write the public key to the manifest of the assembly.
3. Create a hash of all files belonging to the assembly.
4. Sign the hash with the private key (the private key is not stored within the assembly).
These steps guarantee that the assembly cannot be altered in any way, ensuring that the shared assembly you are using is the authentic copy provided by the vendor. The signature can be verified using the public key.
The following sections will show you how to perform each of these steps.
For the client application using the shared assembly, the compiler writes the public key of the shared assembly to the manifest of the client so that it can unique identify the shared assembly (only the last 8 bytes of a hash of a public key are stored; this is known as the public key token and is always unique). When an application loads the shared assembly, it uses the public key stored in the shared assembly to decrypt the encrypted hash and match it against the hash of the shared assembly to ensure that the shared assembly is authentic.
Creating a Shared Assembly
You'll better understand how to create a shared assembly by actually creating one. In this example, you create a library to perform Base64 encoding and decoding. Basically, Base64 encoding is a technique to encode binary data into a text-based representation so that it can be easily transported over networks and Web Services. A common usage of Base64 is in emails.
Using Visual Studio 2008, create a new Class Library project and name it Base64Codec. In the default Class1.cs, define the Helper class containing two methods — Decode() and Encode():
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace Base64Codec {
public class Helper {
public byte[] Decode(string base64string) {
byte[] binaryData;
try {
binaryData =
Convert.FromBase64String(base64string);
return binaryData;
} catch (Exception) {
return null;
}
}
public string Encode(byte[] binaryData) {
string base64String;
try {
base64String =
Convert.ToBase64String(
binaryData, 0, binaryData.Length);
return base64String;
} catch (Exception) {
return string.Empty;
}
}
}
}
To create a strong name for the assembly, you need to sign it. The easiest way is to use the Properties page of the project in Visual Studio 2008. Right-click on the project name in Solution Explorer, and select Properties. Select the Signing tab (see Figure 15-28), and check the Sign The Assembly checkbox. Select <New> from the Choose A Strong Name Key File dropdown list to specify a name for the strong name file.
Figure 15-28
In the Create Strong Name Key dialog (see Figure 15-29), specify a name to store the pair of keys (KeyFile.snk, for instance). You also have the option to protect the file with a password. Click OK.
Figure 15-29
An SNK file is a binary file containing the pair of public and private keys.
A strong name file is now created in your project (see Figure 15-30).
Figure 15-30
Alternatively, you can also use the command line to generate the strong name file:
sn -k KeyFile.snk
With .NET, you can create different versions of the same assembly and share them with other applications. To specify version information, you can edit the AssemblyInfo.cs file, located under the Properties item in Solution Explorer (see Figure 15-31).
Figure 15-31
