What are security options in Apache Spark

C # Compiler Options: Security Options

  • 2 minutes to read

The following options control compiler security options. The new MSBuild syntax is formatted in bold shown. The older one csc.exe-Syntax is shown in.

  • PublicSign /: Publicly signs the assembly.
  • DelaySign /: Delayed signing of the assembly with only the public part of the strong name key.
  • KeyFile /: Specifies a key file with a strong name.
  • KeyContainer /: Specifies a key container with a strong name.
  • HighEntropyVA /: Activates ASLR (Address Space Layout Randomization) with high entropy.

PublicSign

This option causes the compiler to apply a public key but not actually sign the assembly. With the option PublicSign a bit is also set in the assembly that informs the runtime that the file is signed.

For the option PublicSign need the options KeyFile or KeyContainer be used. The options Keyfile and KeyContainer indicate the public key. The options Delay sign and Publicsign are mutually exclusive. Public signing, sometimes referred to as "fake signing" or "OSS signing", involves putting the public key in an output assembly and setting the "signed" flag. However, public signing does not actually sign the assembly with a private key. Developers use a public signature for open source projects. Developers create assemblies that are compatible with published “fully signed” assemblies when they do not have access to the private key that is used to sign the assemblies. Because few users actually need to verify that the assembly is fully signed, these publicly created assemblies can be used in almost any scenario where a fully signed assembly would be used.

DelaySign

This option allows the compiler to reserve space in the output file so that digital signatures can be added later.

use DelaySign- if the assembly is to be fully signed. use DelaySignif you only want to place the public key in the assembly. The option DelaySign has no effect if not using KeyFile or KeyContainer is used. The options KeyContainer and PublicSign are mutually exclusive. When you request a fully signed assembly, the compiler will hash the file containing the manifest (assembly metadata) and sign it with the private key. This creates a digital signature that is saved in the file that contains the manifest. When an assembly is signed with a delay, the compiler does not compute and save the signature; it simply reserves an area in the file so that the signature can be added at a later time. The compiler only reserves an area in the file so that the signature can be added at a later time.

With DelaySign testers can place the assembly in the global cache. After testing, you can fully sign the assembly by placing the assembly's private key using the Assembly Linker utility. For more information, see Creating and Using Strong Name Assemblies and Deferred Signing an Assembly.

KeyFile

Specifies the file name with the cryptographic key.

is the name of the file with the strong name key. When this option is used, the compiler inserts the public key from the specified file into the assembly manifest and then signs the final assembly with the private key. Enter on the command line to generate a key file. If you are with -target: module compile, the key file name is stored in the module and included in the assembly that is created when you use an assembly with AddModules compile. You can also use your encryption information Key container passed to the compiler. use DelaySignif the assembly is to be partially signed. If both KeyFile as well as KeyContainer are specified in the same compilation, the compiler tries the key container first. If this is successful, the assembly is signed with the information in the key container. If the compiler cannot find the key container, it tries to use the KeyFile specified file to use. If successful, the assembly is signed with the information in the key file and the key information is installed in the key container. The key container is valid the next time it is compiled. A key file may only contain the public key. For more information, see Creating and Using Strong Name Assemblies and Deferred Signing an Assembly.

KeyContainer

Specifies the name of the cryptographic key container.

is the name of the key container with the strong name. If the option KeyContainer is used, the compiler creates a component that can be shared. The compiler inserts a public key from the specified container into the assembly manifest and signs the final assembly with the private key. Enter on the command line to generate a key file. installs the key pair in the container. This option is not supported when the compiler is running under CoreCLR. Use the CoreCLR option to sign an assembly when building it KeyFile. If you are with TargetType compile, the name of the key file is saved in the module and included in the assembly when you run this module with AddModules compile into an assembly. You can also specify this option as a custom attribute (System.Reflection.AssemblyKeyNameAttribute) in the source code for any Microsoft Intermediate Language (MSIL) module. You can also use your encryption information KeyFile passed to the compiler. use DelaySignto add the public key to the assembly manifest but not sign the assembly until it has been tested. For more information, see Creating and Using Strong Name Assemblies and Deferred Signing an Assembly.

HighEntropyVA

The compiler option HighEntropyVA informs the Windows kernel whether a particular executable supports address space layout randomization (ASLR) with high entropy.

This option specifies that a 64-bit executable file or a file created by the compiler option PlatformTarget supports a high-entropy virtual address space. This option is deactivated by default. use HighEntropyVAto activate it.

The option HighEntropyVA allows the compatible versions of the Windows kernel to use higher levels of entropy when the address space layout of a process is randomly determined as part of ASLR. The use of higher degrees of entropy means that a larger number of addresses can be allocated to storage regions such as stacks and heaps. Therefore, it is more difficult to estimate the location of a particular storage area. The compiler option HighEntropyVA requires that the target executable and all modules that depend on it can process pointer values ​​larger than 4 GB when running as a 64-bit process.