Monday, July 30, 2007

How to sign a .NET Assembly with a Strong Name

A strong name consists of the assembly's identity—its simple text name, version number, and culture information (if provided)—plus a public key and a digital signature. It is generated from an assembly file using the corresponding private key. (The assembly file contains the assembly manifest, which contains the names and hashes of all the files that make up the assembly.)

Security Note: A strong-named assembly can only use types from other strong-named assemblies. Otherwise, the security is already compromised.

It's pretty easy using Visual Studio .net 2005 IDE, but we will also talk about alternatives later.

  1. Go to "Property Pages" of your project from the Solution Explorer.
  2. Select the "Signing" Tab from the list of tabs on the left.
  3. Select the check-box "Sign the Assembly".
  4. Select "New..." from "Choose a strong name key file" drop-down list.
  5. Just finish the dialog by providing strong name key filename(new) and password(optional).

There you go!!

  • Alright, other alternatives are also mentioned here.

First of all, we need a cryptographic key pair to sign an assembly with a strong name.

This public and private cryptographic key pair is used during compilation to create a strong-named assembly. Microsoft has provided Strong Name Tool (sn.exe) to create this key pair in a file with ".snk" extension.

Open the command prompt and type the following command,

sn -k <filename> //e.g. sn -k mySgnKey.snk will create a keypair file named mySgnKey.snk

Delay Signing an Assembly:

If you intend to delay sign an assembly and you control the whole key pair (which is unlikely outside test scenarios), you can use the following commands to generate a key pair and then extract the public key from it into a separate file.

First Command: sn -k mySgnKey.snk

Second Command: sn -p mySgnKey.snk publicSgnKey.snk

Sign an Assembly with a Strong Name using Assembly Linker

al /out:<assembly name> <module name> /keyfile:<file name>

In this command, assembly name is the name of the assembly to sign with a strong name, module name is the name of the code module used to create the assembly, and file name is the name of the container or file that contains the key pair.

al /out:MyAssembly.dll Project.Module /keyfile:mySgnKey.snk

Signing an Assembly with a Strong Name using Assembly Attributes

C# usage: [assembly:AssemblyKeyFileAttribute(@"sgKey.snk")]

VB usage: <Assembly:AssemblyKeyFileAttribute("sgKey.snk")>

Note: When signing an assembly with a strong name, the Assembly Linker (Al.exe) looks for the key file relative to the current directory and to the output directory. When using command-line compilers, you can simply copy the key to the current directory containing your code modules.

How To Reference This Strongly Named Assembly

<compiler command> /reference:<assembly name>

In this command, compiler command is the compiler command for the language you are using, and assembly name is the name of the strong-named assembly being referenced. You can also use other compiler options, such as the /t:library option for creating a library assembly.

The following example creates an assembly called myAssembly.dll that references a strong-named assembly called myLibAssembly.dll from a code module called myAssembly.cs.

csc /t:library MyAssembly.cs /reference:MyProjectAssembly.dll

How To Make a Run-time Reference to this Strongly Named Assembly

We need to use the name of the assembly in following manner...

<assembly name>, <version number>, <culture>, <public key token>

C# usage: Assembly.Load("myAssemby,Version=1.0.0.1,Culture=neutral,PublicKeyToken=7b53aa32d4fc18b1");

VB usage: Assembly.Load("myAssemby,Version=1.0.0.1,Culture=neutral,PublicKeyToken=7b53aa32d4fc18b1")

No comments:

 
Dotster Domain Registration Special Offer