Wednesday, October 29, 2008
Delay signing is the process of generating a partial signature during development with access only to the public key. The private key can be stored securely and used to apply the final strong name signature just before shipping the project.
To use delay signing, follow these five steps:
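1. Extract the public key from the key pair. We can use the tool sn.exe for this. The -pc option reads the key pair from a key container of the given name; when the key pair is stored in a file, the equivalent option is -p.
sn -pc keypairfilename ExtractPublicKey.pk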
2. The generated public key (ExtractPublicKey.pk) can be used by the development team to delay sign assemblies. At this stage the .NET Framework will not load the delay-signed assemblies, because they are not yet fully signed. Hence it becomes vital to configure our development machines to skip strong name signature verification for our key.
Use the C# compiler to delay sign the assembly as follows:
csc /delaysign+ /keyfile:ExtractPublicKey.pk test.cs
3. To configure the .NET Framework to skip strong name signature verification for the test.exe assembly on development machines:
sn -Vr test.exe
We can also configure our machine to skip verification for all assemblies delay signed with the same key as the test application. To do this, first display the public key token of the key:
sn -T test.exe
Executing the above command gives us the public key token.
Public key token is b03f5f7f11d50a3a
4. Execute the following command to skip strong name verification for any assembly using the public key token generated above:
sn -Vr *,b03f5f7f11d50a3a
Please note that skipping strong name signature verification is something that should only be done on development machines. It should never be done in a production environment, as it opens up those machines to assembly spoofing attacks.
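5. The fifth step is the final step, taken before the project is deployed to production. We use the securely stored private key to generate the final, full strong name with the sn.exe tool. The -Rc option takes the key pair from a key container of the given name; when the key pair is stored in a file, the equivalent option is -R.
sn -Rc test.exe keypairfilename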
This completes the process and adds the full signature to the assembly. A point worth noting about this step is that the delay-signed assemblies do not need to be rebuilt. Any assemblies that had a reference to the delay-signed assembly also had access to its public key and are therefore able to create a full assembly reference, even though the assembly did not have a full signature.
Note: Delay signing the assemblies is an easy and secure way of protecting the assemblies in the development environment. However, please note that with delay signing on, none of the strong name signatures are verified in the testing environment. So there is a trade-off.
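Because the skip entries registered with sn -Vr in steps 3 and 4 persist on the machine, it is worth checking that none of them exist on a test or production box. The following PowerShell audit is an added example, not part of the original post; it assumes the standard registry location where sn.exe records these entries, and the function names are hypothetical.

```powershell
# Added example: list strong name verification skip entries on this machine.
# sn -Vr records each entry as a subkey named "<assembly>,<publicKeyToken>"
# (for example "*,b03f5f7f11d50a3a") under StrongName\Verification.
# On 64-bit Windows the 32-bit registry view lives under WOW6432Node.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\StrongName\Verification',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\StrongName\Verification'
)

# Describe how much of the machine a single entry exempts from verification.
function Get-SkipScope {
    param([string]$EntryName)
    $assembly, $token = $EntryName -split ',', 2
    if ($assembly -eq '*' -and $token -eq '*') { return 'all assemblies, all keys' }
    if ($assembly -eq '*') { return "every assembly signed with token $token" }
    return "single assembly $assembly"
}

# Enumerate the entries in both registry views; missing keys are skipped.
function Get-StrongNameSkipEntry {
    param([string[]]$Path = $roots)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root | ForEach-Object {
            [pscustomobject]@{
                Entry = $_.PSChildName
                Scope = Get-SkipScope $_.PSChildName
                View  = $root
            }
        }
    }
}

$found = @(Get-StrongNameSkipEntry)
if ($found.Count -eq 0) {
    Write-Output 'No strong name verification skip entries are registered.'
} else {
    Write-Warning "$($found.Count) skip entries found; these assemblies load without signature checks."
    $found | Format-Table -AutoSize
}
```

An entry found outside a development machine can be removed with sn -Vu followed by the entry name, or all entries can be cleared with sn -Vx.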