Thursday, 29 September 2011

All About Assembly Signing - Public and Private Key

Why? Purpose?

1)
To verify that an assembly came from a specified trusted source and have not been modified.

For example, you get an assembly from a colleague who says it is from Microsoft. If it's really from Microsoft, the public key that Microsoft has given you will make that assembly usable. Otherwise, if the public key doesn't work, then mean that assembly is not genuinely from Microsoft!

2)
Another purpose is that you have to sign an assembly before it can be installed in the global assembly cache (GAC) where it can be shared by multiple applications

4 ways to sign an assembly:

To sign an assembly you'd usually need a public/private key pair.

  • Using Visual Studio/Project/Proeprties/Signing tab
  • Using AL.exe tool
  • Using AssemblyKeyFile attribute
  • Using AssemblyKeyName attribute
2 ways to create a public/private key pair:
  • Using Visual Studio/Project/Proeprties/Signing tab
  • Using Sn.exe (strong name) tool
How to extract the public key:

sn.exe -p KeyPair.snk PublicKey.snk

How to extract the public key token:

sn.exe -tp PublicKey.snk (this displays the public key in a slightly more sensible way!)
Posted by at 02:06
Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)