Strong Name / Authenticode COM .DLL

[RookPSU]

I've been working with .NET for a while but i've never had to utilize the GAC or work with strong names much.

Long story short, I have 2 legacy COM libraries written in VB6 (one that references the other) that a vendor recently purchased.

They came back however and said that they saw a security concern in the .DLL's not being signed and so they asked if we could strong name and authenticode the .DLL's and their corresponding interops as stated below:

1)mylibrary.dll (strong name and authenticode signed)
2)interop.mylibrary.dll (strong name and authenticode signed)
3)mylibrary2.dll (strong name and authenticode signed)
4)interop.mylibrary2.dll (strong name and authenticode signed)

If I understand correctly I use the TLBIMP.exe tool in conjunction with SN.exe to create the strong named interops from - in this case - mylibrary.dll however I am unsure how to strong name the .dll file itself - or if it's even possible. Any assistance toward this would be greatly appreciated.

 

[BobRodes]

You can't do strong naming on your legacy dll. You can authenticode it with a service like VeriSign.

However, I don't see any reason why you can't disallow public access to your legacy dll's, and create a strong named, authenticoded .Net dll that wraps them and functions as a broker to the public. You can duplicate the interface of your legacy dll's, instantiate their classes, and in each method of your wrapper class simply call the corresponding method in the legacy class.

Does that work?

 

[RookPSU]

I just strong named the Interop's and authenticoded both. I appreciate the help though.

 

[BobRodes]

Yes, that's what I was trying to say. In effect, you wrapped the legacy dlls in a .Net context and strong named that context. Sorry I was a bit unclear, a bit new to .Net. I guess Interop is that .Net context.