What is the role of public key token?

c# .net

Solution 1:

What is the role of public key token?

The public key token is a small number which is a convenient "token" representing a public key. Public keys are quite long; the purpose of the public key token is to let you refer to keys without saying the whole key. Sort of the same way saying "The Lord of the Rings" is five words which represent a half-a-million-word novel. It would be rather inconvenient if every time you wanted to talk about it, you had to state those half-a-million words.

Does it have any part in decrypting the signed hash?

No. The public key token has no "information" in it. It's just a number that represents a public key. It is not itself a public key.

why are there so many assemblies from Microsoft with the same public key token?

Because they were all signed with the same private key -- Microsoft's private key -- and are therefore all verified with the same public key, and therefore all have the same public key token.

Solution 2:

From Wikipedia

"The public key token is used to make the assembly name unique. Thus, two strong named assemblies can have the same PE file name and yet .NET will recognize them as different assemblies. The Windows file system (FAT32 and NTFS) only recognizes the PE file name, so two assemblies with the same PE file name (but different culture, version or public key token) cannot exist in the same Windows folder. To solve this issue .NET introduces something called the GAC (Global Assembly Cache) which is treated as a single folder by the .NET CLR, but is actually implemented using nested NTFS (or FAT32) folders.

To prevent spoofing attacks, where a cracker would try to pass off an assembly appearing as something else, the assembly is signed with a private key. The developer of the intended assembly keeps the private key secret, so a cracker cannot have access to it nor simply guess it. Thus the cracker cannot make his assembly impersonate something else, lacking the possibility to correctly sign it after the change. Signing the assembly involves taking a hash of important parts of the assembly and then encrypting the hash with the private key. The signed hash is stored in the assembly along with the public key. The public key will decrypt the signed hash. When the CLR loads a strongly named assembly it will generate a hash from the assembly and then compare this with the decrypted hash. If the comparison succeeds then it means that the public key in the file (and hence the public key token) is associated with the private key used to sign the assembly. This will mean that the public key in the assembly is the public key of the assembly publisher and hence a spoofing attack is thwarted. "

Related

phpunit require_once() error
Deleting an app in iTunes Connect
Positioning background image, adding padding [duplicate]
file was built for archive which is not the architecture being linked (i386)
Android ViewModel has no zero argument constructor
How to add a maven repository by url using kotlinscript DSL (build.gradle.kts)
rails server bin/rails:6: warning: already initialized constant APP_PATH error
CloudFront distribution not showing as Route53 alias target
Div Size Automatically size of content
How to find index position of an element in a list when contains returns true
How can I convert a Set to an Array in TypeScript
Fast query runs slow in SSRS