• 0

Assembly strong name signing

Asked by ProclaimDragon,

 Share

Question

7 answers to this question

Recommended Posts

  • 0
Grand Master

Eric Veteran

Posted
  • Veteran
Posted

Signing an assembly with a strong name allows you to add it to the global assembly cache and will let others know with reasonable certainty where the module came from. You can have Visual Studio automatically generate a key and sign it or you can use the "SN" utility in the Framework SDK to generate one and add it yourself with attributes. Look in an AssemblyInfo.XXX file from C# or VB for comments on the signing key. Normally you wouldn't sign an assembly that you're still developing unless it is shared and you have to test it that way.

  • 0
Grand Master

Eric Veteran

Posted
  • Veteran
Posted

Your post isn't confusing to me, but please tell us what's confusing you still?

Perhaps this MSDN article might help? CLR Inside Out: Using Strong Name Signatures

Basically the signing gives your specific assembly a unique name so the CLR can't confuse it with a different assembly or different version. It can also be tested to make sure it isn't modified. You don't have to sign them if your exe or dll will be stand-alone. (i.e.: not used as a global file that many applications access from the GAC.)

  • 0
Veteran

ProclaimDragon

Posted
  • Author
Posted
(...)and will let others know with reasonable certainty where the module came from.
It can also be tested to make sure it isn't modified.

From the article:

Strong names prevent spoofing of your code by a third party.
Without access to the private key, a malicious user cannot modify your code and successfully re-sign it.

What I don't understand is how all these things work by just signing the assembly...

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.