Accueil > Non classé > Sign an assembly file in .NET project

Sign an assembly file in .NET project

14/03/2013 Commenter Allez aux commentaires

Assemblies are the building blocks of the .NET Framework; they form the fundamental unit of deployment, version control, reuse, activation scoping, and security permissions. An assembly provides the common language runtime with the information it needs to be aware of type implementations. It is a collection of types and resources that are built to work together and form a logical unit of functionality. To the runtime, a type does not exist outside the context of an assembly [Microsoft Press].

 

Part 1 :  The signature

The signature. NET it guaranteed the integrity your original content. The process thus takes its meaning in terms of security and guarantee of authenticity of your program.

In. NET, signing an assembly. Net can be segment it into two components:

        • The hash of its contents
        • The strong name

    Part 2 : The strong name

There can be more than one component (DLL) with the same naming, but with different versions. This can lead to many conflicts.

A SN Key is used to uniquely identify a component.

 

A strong name is composed of the :

  • version
  • Name
  • Public key
  • Private key
  • Culture and CPU architecture

Part 3 : Sign an assembly using IDE VS 2010

  • 1- In the properties of your project check «Sign the assembly »

clip_image002

 

  • 2- Enter your key name.
    After enter your key name, Visual Studio will generate a key file : yourKeyName.snk

Your can protect you key name using a password.

clip_image004 

 

Part 4 : Protect your key file with password

Enter a passwrod if you don’t trust the people with access to the assembly.

In general, you should protect it with a password if you don’t trust the people with access to the assembly, which is not common

 

Part 5 : Sign an assembly using Al.exe ( Assembly Linker)

  • First step : Create a key file using sn.exe (Strong Name tool)

clip_image006

Option -Vf can verifies the strong name contained in assembly (-vf forces the verifies even if it has been disabled using the –Vr option).

 

  • Second step : Sign your assembly using Al.exe

image

 

Part 6 : Sign an assembly  using AssemblyInfo file

In the file AssemblyInfo,  add the AssemblyKeyFileAttribute or the AssemblyKeyNameAttribute, specifying the name of the file or container that contains the key pair.

image

 

  • If your assembly have a dependency for another assembly (his parent) you must sign it.

Stay tuned!

Loading

Categories: Non classé Tags:
  1. Pas encore de commentaire
  1. Pas encore de trackbacks


3 + = four