I was researching Friend Libraries as part of a Library Security project for college.
I noticed that one would have to specify the public key when trying to Friend a Strong Named library.
I tested it, and all of it worked fine. I tried swapping the DLL into a different project with a similar name; there also it seemed to work as expected, i.e. it fails to expose internal methods to the malicious project.
But what I would like to understand is the inner functionality of how libraries validate the identity of the application or project referring to it. Is it checking for hashes of the application to find it, or how is it approaching this issue?
I would also like to learn the level of security this approach offers. If someone were to change the public key mentioned in the library by decompiling it and building it again, will the attacker be able to call functions from a malicious project?
Thanks & Regards,