The NGWS runtime security system provides mechanisms for restricting the actions of code based on its associated evidence. Two types of evidence, strong names (also called shared names) and Authenticode™ publishers, are based on cryptographic keys and digital signature technology. As a result, we have high assurance concerning this evidence for a given assembly.
Using these forms of evidence in imperative identity permission checks is complicated by the fact that one must reference a fairly long sequence of binary data: a public key value in the case of a strong name and an X.509 Certificate in the case of Authenticode publishers. The secutil utility makes it easy to extract this information from an assembly and convert it into a format that can be incorporated into code.
Developers run secutil against the assembly file that carries the evidence they want to check for in the code being developed. The output can then be pasted into that code as a constant definition, and the constant is used to construct the identity permission to demand. See System.Security.Permissions.PublisherIdentityPermission and System.Security.Permissions.StrongNameIdentityPermission for information on how to construct these permissions.
secutil [options] Filename
Option | Description |
---|---|
-s or -strongname | Extract the strong name (also referred to as the shared name) public key information from the referenced file. The developer-defined assembly name and version number are also returned. By default, the public key information is returned in an array format suitable for use in a C#/managed extensions to C++ byte array definition (-a and -c switches). Only files containing assembly manifests have strong name information; references to other types of files, or to private named assemblies, return an error. |
-x or -x509certificate | Extract the Authenticode™ publisher certificate from the file Filename. By default, the certificate is returned in an array format suitable for use in a C#/managed extensions to C++ byte array definition (-a and -c switches). Only files that have been Authenticode signed contain an X.509 Authenticode publisher certificate; references to other types of files return an error. |
-hex | Return the strong name public key or X.509 certificate as a hex-encoded string. This overrides formatting as a byte array. The -c and -v switches have no effect if this switch is specified. |
-a or -array | Return the strong name public key or X.509 certificate as a byte array. This is the default format. |
-c or -cmode | Return the strong name public key or X.509 certificate as a byte array formatted for use in a C#/managed extensions to C++ byte array definition. This is the default format. |
-v or -vbmode | Return the strong name public key or X.509 certificate as a byte array formatted for use in a VB byte array definition. |
-h, -help, -? or /? | Displays help information. |
If no command line arguments are supplied, secutil will print help information on available switches and argument order.
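The following is an added example (not part of this page or of the secutil tool) showing how the two output formats are consumed: the -c byte array feeds an imperative StrongNameIdentityPermission or PublisherIdentityPermission demand, and the -hex string feeds the declarative attribute form. The key and certificate bytes are constructed placeholders, and the class and method names (CallerIdentityChecks and its members) are assumptions; the permission and attribute types are those of the shipped .NET Framework System.Security.Permissions namespace.

```csharp
using System;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Permissions;

// Added example, not from the original page. Constructed placeholder values:
// replace TrustedPublicKey with the array printed by "secutil -s -c Trusted.dll"
// and the PublicKey string below with the output of "secutil -s -hex Trusted.dll".
internal static class CallerIdentityChecks
{
    // Placeholder for the strong-name public key blob emitted by secutil -s -c.
    private static readonly byte[] TrustedPublicKey = new byte[] {
        0x00, 0x24, 0x00, 0x00 /* ... remaining bytes from secutil output ... */
    };

    // Imperative check: every caller on the stack must be signed with TrustedPublicKey.
    // Passing null for name and version matches any assembly name and any version.
    public static void DemandTrustedStrongName()
    {
        var blob = new StrongNamePublicKeyBlob(TrustedPublicKey);
        var permission = new StrongNameIdentityPermission(blob, null, null);
        permission.Demand(); // throws SecurityException if a caller does not match
    }

    // Convenience wrapper so callers can branch on the result instead of catching.
    public static bool CallerHasTrustedStrongName()
    {
        try { DemandTrustedStrongName(); return true; }
        catch (SecurityException) { return false; }
    }

    // Imperative publisher check: certificateBytes is the array from "secutil -x -c".
    public static void DemandTrustedPublisher(byte[] certificateBytes)
    {
        var certificate = new X509Certificate(certificateBytes);
        new PublisherIdentityPermission(certificate).Demand();
    }

    // Declarative form: the hex string from "secutil -s -hex" goes straight into the
    // attribute, so no byte array constant is needed. Placeholder value shown.
    [StrongNameIdentityPermission(SecurityAction.Demand, PublicKey = "002400000480000094...")]
    public static void OnlyTrustedCallers()
    {
        // Body runs only if the demand above succeeded for all callers on the stack.
    }
}
```

The imperative form lets a single method decide at run time which key or certificate to demand; the declarative form fixes the identity at compile time and is checked before the method body runs.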