NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Creating the token for a shared name

We use a fixed size “token” to refer to a shared name namespace. This is computed using a hash function from the public key associated with the namespace. This hash operation is used to:

Note that by using this approach, forging a shared name requires finding a public/private key pair that will generate a known token. This is extremely difficult given modern message digest algorithms.

The SHA-1 has function has the desired properties and is readily available since we assume its use in generating the shared name. A drawback to SHA-1 is that it generates a 160-bit value. This is much smaller than typical RSA signature keys (512 bits or larger), but is larger than the key size typically used for some other algorithms such as ECC. To reduce the size of the token, the low-order 64-bits of the SHA-1 hash will be used as the token value. This has adequate strength for our needs. This token size should not be assumed to always be 64-bits as it may be necessary to change this in the future.

To create a token, the public key blob is normally extracted from the referenced Assembly manifest in a PE file (the PublicKeyBlob structure in the metadata). For some scenarios, it is also desirable to generate the token from a public key blob structure. Both methods are supported.

   BOOL StrongNameTokenFromAssembly(  
      // [in] valid path to the PE file for the Assembly
      LPCWSTR         szFilePath, 
      // [out] strong name token 
      BYTE             **ppbStrongNameToken, 
      ULONG          *pcbStrongNameToken)

   BOOL StrongNameTokenFromPublicKey(  
      // [in] public key blob
      BYTE            *pbPublicKeyBlob,
      ULONG            cbPublicKeyBlob)
      // [out] strong name token 
      BYTE              **ppbStrongNameToken, 
      ULONG           *pcbStrongNameToken)

We return both the token and its size for future flexibility. The 64-bit token size may need to be increased at some point in the future, so tools should not hard code in an assumed token size.

As with other functions, the buffer to hold the token will be allocated by the function. It should be freed when no longer needed by calling StrongNameFreeBuffer().