For the ECMA standard to define the public key.
To address three conflicting requirements:
- A mechanism that ensures that assemblies are signed by their creators and cannot be created by a fraudulent other party.
- This CLI should be defined openly so that other people can freely implement the version (Mono will be an example for real life).
- So that a standard class library is provided with each version of the framework.
These three things cannot happen at the same time!
If I create a version of .NET (point 2), then I need to provide a version of the standard library (point 3) that I need to trust (point 1), so I need to sign it to prove that I'm Microsoft. Oh wait, I'm not Microsoft! (eh, paragraph 2 again).
Instead, the following happens:
I create a pair of public and private keys. People who are trusted to create new versions of assemblies in my library library implementation have access to the private key, the public key can be known to anyone who does any work on the CLI implementation.
I mark the corresponding assemblies as signed with the key corresponding to the public key 00000000000000000400000000000000 (defined in the ECMA standard), although they were indeed signed with the private key mentioned above.
In the CLI code, any assembly check that claims to be signed with a key corresponding to the public key of 00000000000000000400000000000000 is checked by a real public key. If this is verified, then it can only be signed by someone we trust to create these assemblies.
Of course, the MS framework will not trust our assemblies, Mono will not trust them, and we will not trust any of them, because we all have different real keys that comply with the ECMA standard. As it should be.
Meanwhile, the fact that 00000000000000000400000000000000 does not match the real valid public key means that it cannot collide with any other public key.
Jon hanna
source share