
Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some imperfect stuff here...


.NET Security Tools Roundup

Seems I've been talking about many tools recently. Just to add to the confusion, here are all the security tools currently available with Mono, at least in CVS ;-)

makecert.exe
This tool lets you create many kinds of X.509 certificates: root (self-signed) certificates, SSL certificates (both client and server) and, more .NET-aligned, Software Publisher Certificates for digitally signing PE executables using Authenticode®. This tool is for test purposes only, as the generated certificates won't, by default, be trusted by anyone. You need to buy a code-signing certificate from a commercial certificate authority (CA) to be trusted by other people's machines.
cert2spc.exe
This tool lets you construct an SPC (Software Publisher Certificate) file (sounds grandiose, but it's only a PKCS#7 SignedData structure carrying certificates and CRLs, with no signed content) out of several certificates (normally a chain) and CRLs. This SPC is the only format supported by signcode, so this is a required step to sign assemblies.
signcode.exe
This tool lets you digitally sign any PE executable (EXE, DLL, OCX ... including CLR assemblies) using a private key (the PVK file generated by makecert.exe) and a Software Publisher Certificate (the SPC file generated, in steps, by makecert.exe and cert2spc.exe).
chktrust.exe
This tool lets you verify that a PE executable has a valid Authenticode® digital signature embedded in it, i.e. that the signed hash matches the file's contents and that the signing certificate chains up to a trusted root.
sn.exe
This tool lets you create a strong-name key pair, re-sign assemblies and verify assembly signatures. Unlike signcode/chktrust, the signature isn't bound to its owner (via a certificate), so it can only assure the integrity of an assembly, not its origin. Note that the first signature, delayed or not, must be done by the compiler using attributes (AssemblyKeyFile and, optionally, AssemblyDelaySign).
secutil.exe
This tool lets you extract an X.509 certificate (Authenticode®) or a strong-name public key from an existing assembly, in a format usable from C# or VB.NET (either decimal or hexadecimal).
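As an added example tying the sn.exe and secutil.exe items together (this is my illustration, not code from Mono, from /mcs/tools/security or from the Microsoft SDK tools): a Python script that builds and validates a strong-name public key blob in the layout stored in an assembly manifest, computes the public key token the way `sn -T` reports it (last 8 bytes of the SHA-1 of the blob, reversed), and emits the key as a C# byte-array literal in the spirit of `secutil -hex`. The modulus is constructed for the example and is not a real key, and all function names are my own. The parser checks every header field, so a truncated or tampered blob is rejected rather than tokenized.

```python
"""
Strong-name public key helpers, in the spirit of sn.exe (-T/-t, public key
token) and secutil.exe (-hex/-s, key as a C#/VB literal).

Added example for this post; not code from Mono, mcs/tools/security or the
Microsoft SDK tools. The key material below is constructed for the example
and is not a real signing key.
"""
import hashlib
import struct

# Values from the Win32 CryptoAPI that the strong-name key blob reuses.
CALG_RSA_SIGN = 0x00002400   # SigAlgId in the header and aiKeyAlg in BLOBHEADER
CALG_SHA1 = 0x00008004       # HashAlgId in the header
PUBLICKEYBLOB = 0x06         # bType of the BLOBHEADER
BLOB_VERSION = 0x02          # bVersion of the BLOBHEADER
RSA1_MAGIC = 0x31415352      # "RSA1" read as a little-endian uint32

# The 16-byte ECMA pseudo-key used by the runtime's own assemblies. The runtime
# treats it specially, so the RSA helpers below refuse it.
ECMA_PUBLIC_KEY = bytes.fromhex("00000000000000000400000000000000")

# Constructed 1024-bit modulus (assumption: an arbitrary odd number with the
# top bit set, derived from a fixed string so the example is deterministic).
_seed = hashlib.sha256(b"constructed sample modulus, not a real key").digest()
SAMPLE_MODULUS = int.from_bytes(_seed * 4, "big") | (1 << 1023) | 1


def build_public_key_blob(modulus, exponent=65537):
    """Serialize an RSA public key in the strong-name blob layout:
    12-byte header (SigAlgId, HashAlgId, cbPublicKey), then a CryptoAPI
    PUBLICKEYBLOB: BLOBHEADER + RSAPUBKEY + little-endian modulus."""
    bitlen = modulus.bit_length()
    if bitlen % 8:
        raise ValueError("modulus size must be a whole number of bytes")
    body = struct.pack("<BBHI", PUBLICKEYBLOB, BLOB_VERSION, 0, CALG_RSA_SIGN)
    body += struct.pack("<III", RSA1_MAGIC, bitlen, exponent)
    body += modulus.to_bytes(bitlen // 8, "little")
    return struct.pack("<III", CALG_RSA_SIGN, CALG_SHA1, len(body)) + body


def parse_public_key_blob(blob):
    """Validate a blob read from an assembly manifest and return its fields.
    Every header field is checked, so a truncated or tampered blob raises
    instead of yielding a bogus key."""
    if blob == ECMA_PUBLIC_KEY:
        return {"ecma": True}
    if len(blob) < 32:
        raise ValueError("blob too short for a strong-name public key")
    sig_alg, hash_alg, cb = struct.unpack_from("<III", blob, 0)
    if sig_alg != CALG_RSA_SIGN or hash_alg != CALG_SHA1:
        raise ValueError("unexpected signature/hash algorithm ids")
    if cb != len(blob) - 12:
        raise ValueError("cbPublicKey does not match blob length")
    btype, bver, _reserved, key_alg = struct.unpack_from("<BBHI", blob, 12)
    if btype != PUBLICKEYBLOB or bver != BLOB_VERSION or key_alg != CALG_RSA_SIGN:
        raise ValueError("not an RSA PUBLICKEYBLOB")
    magic, bitlen, exponent = struct.unpack_from("<III", blob, 20)
    if magic != RSA1_MAGIC or bitlen % 8 or len(blob) != 32 + bitlen // 8:
        raise ValueError("malformed RSAPUBKEY or modulus length")
    return {"ecma": False, "bitlen": bitlen, "exponent": exponent,
            "modulus": int.from_bytes(blob[32:], "little")}


def is_valid_public_key_blob(blob):
    """Boolean wrapper around the parser for callers that just want a check."""
    try:
        parse_public_key_blob(blob)
        return True
    except ValueError:
        return False


def public_key_token(blob):
    """Public key token as shown by `sn -T`: the last 8 bytes of SHA-1 over the
    whole blob, in reverse order. It identifies the key, not its owner."""
    if blob == ECMA_PUBLIC_KEY:
        raise ValueError("ECMA pseudo-key is special-cased by the runtime")
    parse_public_key_blob(blob)  # refuse to tokenize garbage
    return hashlib.sha1(blob).digest()[-8:][::-1]


def token_matches(blob, token_hex):
    """Check a key against a token string (e.g. the PublicKeyToken=... part of
    an assembly reference)."""
    return public_key_token(blob).hex() == token_hex.lower()


def csharp_literal(blob, name="PublicKey", hex_format=True):
    """Emit the key as a C# byte array, in the spirit of secutil -hex / -s, so
    it can be embedded in a StrongNameIdentityPermission or a manual check."""
    fmt = (lambda b: "0x%02X" % b) if hex_format else str
    return "static byte[] %s = { %s };" % (name, ", ".join(fmt(b) for b in blob))


if __name__ == "__main__":
    key = build_public_key_blob(SAMPLE_MODULUS)
    print("blob length:", len(key))
    print("token:", public_key_token(key).hex())
    print(csharp_literal(key)[:72] + "...")
```

Two things worth noticing when you run it: the 1024-bit key comes out at exactly 160 bytes, which is why strong-name public keys in manifests are always that size for 1024-bit RSA, and flipping a single byte of the modulus gives a completely different token, which is the whole point of the token: it identifies a key, not a publisher.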

All the provided tools are 100% managed (though not all 100% complete) versions of the Microsoft .NET Framework SDK tools. With the exception of secutil.exe, all of them require the Mono.Security.dll assembly to execute. This is proof that the current .NET framework isn't, by itself, complete enough to support its own tools. If you need more security stuff than the framework actually provides, have a look at the Mono.Security.dll assembly.

Same trick if you ever wondered about the internals of any of those tools: check their source code under /mcs/tools/security for each tool and under /mcs/class/Mono.Security for the Mono.Security.dll assembly. Mono's source code is a great place to learn!

So far so good, now what does the PDC have in store for us? And no, I won't be there :( so you all better blog about it! If you do I'll keep silent, if you don't...


10/15/2003 19:28:50

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.