From other questions and articles I've read, it sounds as if a signed assembly has been tampered with, its hash will be different and it will not be run. If that's true, then can I conclude that if an unknown assembly's public key matches a known assembly's public key, and .NET allows the unknown assembly to run, that the unknown assembly was signed with the same key file and that it has not been tampered with?
BTW, I read this article but it is asking about a signed MSI and it sounds like that may be a different case than a signed .net assembly.
Edit: here's my sample code
    using System;
    using System.Reflection;

    class Program
    {
        static void Main(string[] args)
        {
            // Path to the assembly whose signer we want to check.
            string unknownAppPath = args[0];

            // Full public key (not just the 8-byte token) stored in the unknown assembly's metadata.
            // Note: an unsigned assembly yields an empty array here, not null.
            byte[] unknownKeyBytes = Assembly.LoadFile(unknownAppPath).GetName().GetPublicKey();
            string unknownKeyStr = BitConverter.ToString(unknownKeyBytes);

            // Full public key of the currently running (known) assembly.
            Assembly asm = Assembly.GetExecutingAssembly();
            AssemblyName aname = asm.GetName();
            byte[] pubKey = aname.GetPublicKey();
            string hexKeyStr = BitConverter.ToString(pubKey);

            if (hexKeyStr == unknownKeyStr)
            {
                Console.WriteLine("Signed by same private key");
            }
            else
            {
                Console.WriteLine("Unknown signer!");
            }
            Console.ReadKey();
        }
    }
Further, I read this article, which uses a much more involved method. I see in the article that he talks about shortcomings of using public key tokens, but I don't see why not use the entire public key. From the answers so far, it sounds like that's what the public key is for... Is the problem in that article that you'd have to try to run the assembly? (He says, "...but you'd be unable to discover this without checking to see if the assembly passes verification.")
Yes; that's how public keys work.
You'll also need to make sure that the assembly isn't in the verification skip list; run sn -Vl in a VS command prompt.
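As an added example (not the asker's or the answerer's code), here is one way to combine the two points above: compare the full public key from the file's metadata, then confirm the strong-name signature actually verifies, with the skip list that sn -Vl displays explicitly bypassed, so you never have to "try to run" the unknown assembly. It assumes .NET Framework on Windows, where mscoree.dll exports StrongNameSignatureVerificationEx; the class and method names are my own.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;

// Added example, not code from the question or answer above.
// Assumes .NET Framework on Windows (mscoree.dll is the strong-name shim there).
static class StrongNameCheck
{
    // Verifies the strong-name signature in-process instead of loading/running the file.
    // fForceVerification = true ignores the verification skip list (what "sn -Vl" shows);
    // pfWasVerified reports whether a real check took place rather than being skipped by policy.
    [DllImport("mscoree.dll", CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool StrongNameSignatureVerificationEx(
        string wszFilePath,
        [MarshalAs(UnmanagedType.Bool)] bool fForceVerification,
        [MarshalAs(UnmanagedType.Bool)] ref bool pfWasVerified);

    // Returns true only if the file claims the key we expect AND the signature over
    // its hash actually validates (so the file has not been modified since signing).
    public static bool IsTrustedBuild(string path, byte[] expectedPublicKey)
    {
        // Step 1: same full public key (not the 8-byte token, which is a truncated hash).
        // GetAssemblyName reads metadata only; it neither runs the code nor checks the signature,
        // so an attacker could simply copy the public key blob into an unsigned/tampered file.
        byte[] actualKey = AssemblyName.GetAssemblyName(path).GetPublicKey();
        if (actualKey == null || actualKey.Length == 0 || !actualKey.SequenceEqual(expectedPublicKey))
            return false;

        // Step 2: the signature must verify, and verification must not have been skipped.
        bool wasVerified = false;
        bool ok = StrongNameSignatureVerificationEx(path, true, ref wasVerified);
        return ok && wasVerified;
    }

    static void Main(string[] args)
    {
        // Compare against the key this (known, signed) executable was built with.
        byte[] ourKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
        Console.WriteLine(IsTrustedBuild(args[0], ourKey)
            ? "Signed by our key and signature verifies"
            : "Unknown signer or tampered assembly");
    }
}
```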