Digital signature in .Net

4 comments, last by ernow 15 years, 2 months ago
Ok, I should have posted in the .Net forum perhaps, but first I need to know if the whole idea is meaningful :-) I want a reliable way to verify if a given plugin for my application has been written by me (actually, the company I work for). What I thought was to create a file (at compile time) containing the hash values for all the assemblies of the plugin, and then encrypting that file with a private key. When the main program loads the plugin it decrypts that file with the public key (although it will be hidden somehow) and checks the hashes against all the assemblies. If this test succeeds, the plugin is allowed to run. Is this The Evil, or is this a standard way to do this sort of thing? And which are the best .net classes to do this (it seems that RSACryptoServiceProvider should do the job, but I'm not sure how the private and public keys should be handled, i.e. generated and deployed). Thank you!
You can use cryptographically signed assemblies for that. Just check the signature and be done with it. Microsoft also calls them "strong names", just to help your search.

Check MSDN or other resources to read how.
Thank you, I know about strong names but for some reason the main developer of the application would like to avoid it, though I suppose we could reconsider that if there are no good alternatives...
"for some reason the main developer of the application would like to avoid it"

I'd be very interested to know what that reason is.
If he's afraid of having to reset his references then he is probably using strong name versioning the wrong way.
I think that he wanted to build a tool to automatically sign some of the files (not only assemblies) based on certain conditions.

That said, I think I solved it by creating a list of filenames/hashes and writing it into a file. Then I use DSACryptoServiceProvider to sign that list.
The client checks the signature of that list file. If the test succeeds, it tests every listed file against the provided hash.

I made a simple tool to do that and it seems to work.
Thank you anyway for answering!
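
The signed list of filenames/hashes described in the post above, as an added sketch that is not the poster's tool and not part of the original thread. It assumes RSA with SHA-256 in place of the DSACryptoServiceProvider the post mentions, .NET Core 2.0+ or .NET Framework 4.7.2+, and a hypothetical `name|hash` line format; the file name and contents in `Main` are constructed.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class PluginManifest
{
    static string HashFile(string path)
    {
        using (var sha = SHA256.Create())
        using (var fs = File.OpenRead(path))
            return BitConverter.ToString(sha.ComputeHash(fs)).Replace("-", "");
    }
    // Build side: one "name|sha256" line per file; the private key signs the whole list.
    public static byte[] Sign(string dir, string[] names, RSA privateKey, out string manifest)
    {
        manifest = string.Join("\n", Array.ConvertAll(names, n => n + "|" + HashFile(Path.Combine(dir, n))));
        return privateKey.SignData(Encoding.UTF8.GetBytes(manifest),
                                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }
    // Client side: check the signature first; only then are the listed hashes trustworthy.
    public static bool Verify(string dir, string manifest, byte[] signature, RSA publicKey)
    {
        if (!publicKey.VerifyData(Encoding.UTF8.GetBytes(manifest), signature,
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            return false;
        foreach (var line in manifest.Split('\n'))
        {
            var parts = line.Split('|');
            // Reject malformed entries and names that point outside the plugin directory.
            if (parts.Length != 2 || parts[0] != Path.GetFileName(parts[0])) return false;
            var path = Path.Combine(dir, parts[0]);
            if (!File.Exists(path) || HashFile(path) != parts[1]) return false;
        }
        return true;
    }
    static void Main()
    {
        var dir = Directory.CreateDirectory(Path.Combine(Path.GetTempPath(), "plugin-demo")).FullName;
        File.WriteAllText(Path.Combine(dir, "Plugin.dll"), "constructed sample content");
        using (var key = RSA.Create(2048)) // throwaway demo key; a real client holds only the public half
        {
            var sig = Sign(dir, new[] { "Plugin.dll" }, key, out var manifest);
            Console.WriteLine("untouched: " + Verify(dir, manifest, sig, key));
            File.AppendAllText(Path.Combine(dir, "Plugin.dll"), "x"); // simulate a modified file
            Console.WriteLine("modified:  " + Verify(dir, manifest, sig, key));
        }
    }
}
```

Only files named in the verified list are covered, so the loader should load nothing else from the plugin directory. The public key can ship in the clear; it is the private key that must stay on the build machine.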
Yes, that could work. It is also possible to put the files as resources in assemblies and use the strong name mechanism...
