Creating an Asymmetric Key using a Strong Name File

2014-05-30 - Cryptography, General, Security

Introduction

A Strong Name File (SNF) can be used to "sign" .NET assemblies. I put the word "sign" in quotes because there is no authentication mechanism provided, so all the signature can really tell you is whether two different assemblies come from the same source. But that is the main purpose of SNFs anyway: they provide a way to generate a unique identifier for an assembly or a specific version of an assembly, a strong name.

An SNF contains just the public and the private key of an asymmetric key pair. There is no additional information stored in the file. SQL Server can take that information and create an asymmetric key in a database from it.

A Strong (Name) Example

Creating an asymmetric key pair from an SNF involves the CREATE ASYMMETRIC KEY statement using the FROM FILE clause like this:

[sql]
CREATE ASYMMETRIC KEY AnAsymmetricKey
FROM FILE = 'AStrongNameFile.snk'
ENCRYPTION BY PASSWORD = '**********';
[/sql]

This will create an asymmetric key in the current database from that SNF:

[Screenshot: CREATE ASYMMETRIC KEY FROM FILE in action.]

The SNF in the above example does not have a path specified. If you execute the statement like that, the SNF has to exist in SQL Server's default database directory. However, you can also specify a fully qualified path like this:

[sql]
CREATE ASYMMETRIC KEY AnAsymmetricKey
FROM FILE = 'C:\some\folder\AStrongNameFile.snk';
[/sql]

The added path is not the only change in this statement: the ENCRYPTION BY PASSWORD clause is also missing. As is the case with the normal CREATE ASYMMETRIC KEY statement, that means that the private key is going to be encrypted with the database master key.

The SN Tool

Strong Name Files can be created with Microsoft's sn.exe tool, which comes bundled with Visual Studio, for example. You can look up the exact syntax in the tool's documentation. One parameter (-k) allows you to specify the key length. While you can specify any key length between 384 and 16384 bits (in increments of 8 bits), SQL Server can only import SNFs that were created with a key length of either 512, 1024 or 2048 bits.
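A pre-flight check for the key-length restriction above, as an added example that is not part of the original post: it reads the key length from an .snk file's header, confirms the file holds nothing but the key pair, and reports whether the length is one SQL Server accepts. It assumes the file is the unencrypted CryptoAPI PRIVATEKEYBLOB that sn.exe -k writes; the names inspect_snk, constructed_snk and key_material_size are hypothetical, and the sample input is constructed.

```python
import struct

# Key lengths (bits) the article says SQL Server accepts from a Strong Name File.
SQL_SERVER_BITS = {512, 1024, 2048}
MAGIC_RSA2 = 0x32415352  # ASCII "RSA2": blob holds the full key pair
HEADER = "<BBHIIII"      # BLOBHEADER (8 bytes) + RSAPUBKEY (12 bytes)


def key_material_size(bits: int) -> int:
    # Modulus and private exponent: bits/8 bytes each; five CRT values: bits/16 each.
    return 2 * (bits // 8) + 5 * (bits // 16)


def inspect_snk(blob: bytes) -> dict:
    """Validate an .snk key-pair blob and report whether SQL Server can import it."""
    if len(blob) < struct.calcsize(HEADER):
        raise ValueError("too short to be a key blob")
    b_type, b_version, _reserved, _alg, magic, bits, pub_exp = struct.unpack_from(HEADER, blob)
    # bType 0x07 = PRIVATEKEYBLOB, bVersion 0x02 = CUR_BLOB_VERSION
    if (b_type, b_version, magic) != (0x07, 0x02, MAGIC_RSA2):
        raise ValueError("not an RSA key-pair blob")
    expected = struct.calcsize(HEADER) + key_material_size(bits)
    if len(blob) != expected:
        raise ValueError(f"expected {expected} bytes for {bits} bits, got {len(blob)}")
    return {
        "bits": bits,
        "public_exponent": pub_exp,
        "sql_server_importable": bits in SQL_SERVER_BITS,
    }


def constructed_snk(bits: int, magic: int = MAGIC_RSA2) -> bytes:
    """Constructed sample input: correct layout, zero-filled key material (not a real key)."""
    # 0x2400 = CALG_RSA_SIGN, the algorithm id of a signing key pair
    header = struct.pack(HEADER, 0x07, 0x02, 0, 0x2400, magic, bits, 65537)
    return header + bytes(key_material_size(bits))


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(bits, inspect_snk(constructed_snk(bits)))
```

To check a real file, pass its bytes to inspect_snk, for example the contents read with open(path, "rb").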

Summary

Microsoft developed Strong Name Files to store a complete asymmetric key pair in them. Such a file can be used to show that, for example, two assemblies came from the same source. However, it does not provide any authentication information. SQL Server can import such files and use them to create asymmetric keys.
