Authenticode and ActiveX controls

  • Article

For VB6 developers, one area where asymmetric keys and digital signatures cropped up was the requirement to sign downloadable ActiveX controls using Authenticode. The idea was to sign the controls using a digital signature so that the origin of the control could always be established.

There are a couple of related concepts in .NET that you'll almost certainly come across sooner or later.

Code Access Security

With ActiveX controls, the default behaviour of Internet Explorer was to prevent their download unless they had a valid signature. In .NET the CLR applies a security policy to all loaded code. The CLR evaluates the code and then decides what that code should and should not be able do. So the CLR will look at a particular assembly, see if it has been signed or where it was loaded from etc., and then decide whether that code is allowed to write to the hard disk or open a network connection and so on. All of these policy rules are stored in configuration files, which in previous versions of the framework you could see and edit using a control panel applet. In .NET 3.5 you're expected to edit this configuration using the command line caspol.exe tool (unless you install the .NET 2.0 SDK).

Strong Names

.NET also uses the concept of strong named assemblies. At first sight this looks similar to signing a component using Authenticode, in that strong named assemblies are digitally signed. However the digital signature is used for very different reasons. First of all, if you want to place an assembly in the Global Assembly Cache (GAC) , it must have a strong name. The digital signature makes your assembly unique, even if someone else has installed an assembly with the same name into the GAC. Secondly, a strong name prevents unauthorised tampering with an assembly. So, although someone can disassemble a strong named assembly using Ildasm, they can't put it back together again with the same signature (unless you've given them your private key!). Any change in the signature is automatically detected by users of the assembly, and the tampering spotted. Strong naming is done with the Sn tool.