Re: [dev-crypto-csharp] bc-fips-1.0.1.1 strong name

Sat, 30 Oct 2021 06:53:30 -0700 

Hi Matthew,
We're not really experts on some of these .NET features, but I can make some comments on the DLL. 


One of the FIPS requirements is to confirm a MAC calculation over the 
DLL to make sure the code hasn't been changed from what was certified.



The DLL has the Portable Executable (PE) file format. Our MAC is 
calculated over this file excepting certain fields associated with the 
strong name and with signatures and certificates (and the MAC storage 
location itself is excluded of course).



Therefore disassembling and reassembling the IL would appear to be 
rearranging the code in a way to break the MAC, and I am unsure if the 
rearranging is preventable. However in principle it should be possible 
to insert/modify a strong name without affecting the MAC (since we 
ignore the field), as long as the file is otherwise unmodified.



Others have asked similar questions and I am fairly sure they were able 
to e.g. code-sign the DLL, but I am unsure if they were adding a strong 
name as part of that.


Regards,
Pete Dettman

On 10/29/2021 10:04 PM, Matthew Sciotto wrote:

Hello Bouncy Castle team,


The bc-fips-1.0.1.1 dll is notstronglynamed. I have tried the standard 
approach of signing using these steps:



1. Open Visual Studio (I'm currently on VS 2019) command prompt in admin 
mode



2. CD to the directory containing the downloaded BC library 
(/bc-fips-1.0.1.1.dll/)


3. Run the command '*ildasm /all /out=[assemblyname].il [assemblyname].dll*


4. Run the command '*ilasm /dll /key=[path to snk keyfile] 
/resource=[assemblyname].res [assemblyname].il*




However, when I use the signed dll as a reference in my application, and 
attempt to run it, I am seeing the following error:





Is there a signed version of the bc-fips-1.0.1.1 core library that could 
be provided?  Any other suggestions?


Thank you in advance!


*Matthew Sciotto | **Engineering Manager*


matthew.scio...@nuix.com <mailto:matthew.scio...@nuix.com>| www.nuix.com 
<http://www.nuix.com/>


**

750 Holiday Drive, Suite 640

Green Tree, PA 15220

Skype: msciotto01 | Twitter: twitter.com/nuix <http://twitter.com/nuix>



Your privacy is important to us. Read our Privacy Policy here: 
https://www.nuix.com/privacy-policy. This email may contain confidential 
or privileged information. If you believe you have received it in error, 
please notify the sender immediately and delete this message without 
copying or disclosing it.

























					Reply via email to