.net - PublicKeyToken 和公钥有什么区别？

Question

每个签名的 .NET 都有一个公钥 token (8 个字节)和一个公钥(128 个字节)。
两者有什么区别，为什么我们需要两个公共(public)“ key ”？

Answer 1

公钥 token 只是 公钥哈希 .这里为 info .

更新

Why we need public key?

由于程序集可以签名，并且签名的程序集将包含公钥。加载 DLL 时，.NET 将使用公钥来根据签名验证程序集。签名只能使用私钥生成，而公钥本身可用于验证签名。

这个过程确保组装不会被篡改。

通过 C# 从 CLR:

Signing an assembly with a private key ensures that the holder of the corresponding public key produced the assembly. When the assembly is installed into the GAC, the system hashes the contents of the file containing the manifest and compares the hash value with the RSA digital signature value embedded within the PE file (after unsigning it with the public key). If the values are identical, the file's contents haven't been tampered with, and you know that you have the public key that corresponds to the publisher's private key. In addition, the system hashes the contents of the assembly's other files and compares the hash values with the hash values stored in the manifest file's FileDef table. If any of the hash values don't match, at least one of the assembly's files has been tampered with, and the assembly will fail to install into the GAC.

更新 2

为什么需要公钥 token ？由于公钥太大而无法使用(再次来自 CLR 签证 C#):

The size of public keys makes them difficult to work with. To make things easier for the developer (and for end users too), public key tokens were created. A public key token is a 64-bit hash of the public key. SN.exe's -tp switch shows the public key token that corresponds to the complete public key at the end of its output. Because public keys are such large numbers, and a single assembly might reference many assemblies, a large percentage of the resulting file's total size would be occupied with public key information. To conserve storage space, Microsoft hashes the public key and takes the last 8 bytes of the hashed value. These reduced public key values—known as public key tokens—are what are actually stored in an AssemblyRef table. In general, developers and end users will see public key token values much more frequently than full public key values. Note, however, that the CLR never uses public key tokens when making security or trust decisions because it is possible that several public keys could hash to a single public key token.