Checking an assembly for a strong name

Question

Is it possible to check if a dynamically loaded assembly has been signed with a specific strong name?

Is it enough / secure to compare the values returned from

Answer 1

There is no managed way to check the signature of an assembly and checking the public key leaves you vulnerable to spoofing. You will have to use P/Invoke and call the StrongNameSignatureVerificationEx function to check the signature

[DllImport("mscoree.dll", CharSet=CharSet.Unicode)]
static extern bool StrongNameSignatureVerificationEx(string wszFilePath, bool fForceVerification, ref bool  pfWasVerified);