What is Delay Signing?
Delay signing allows you to place a shared assembly in the GAC by signing the assembly with just the public key. This allows the assembly to be signed with the private key at a later stage, when the development process is complete and the component or assembly is ready to be deployed. This process enables developers to work with shared assemblies as if they were strongly named, and it keeps the private key from being accessed during the different stages of development.
How to do it for an assembly?
Step 1. Create a Public Key File for Delay Signing
To create a public key file for delay signing
Create a key pair for your organization.
sn.exe -k keypair.snk
Extract the public key from the key pair file.
sn -p keypair.snk publickey.snk
Protect Keypair.snk, which contains both the private and public keys. For example, put it on a compact disc or other hardware device, such as a smart card, and physically secure it.
Make Publickey.snk available to all developers. For example, put it on a network share.
Step 2. Delay sign your assembly
This procedure is performed by developers.
To delay sign an assembly
In Visual Studio .NET 2005, in the Class Project, display the project properties.
Click the Signing tab, and select the Sign the assembly and Delay sign only check boxes.
In the Choose a strong name key file: drop-down box, select <Browse…>.
In the file selection dialog box, browse to the public key (.snk) and click OK.
Build your assembly. The compiler will build a strong named assembly signed using the public key from the selected key pair (.snk) file.
Note: A delay signed project will not run and cannot be debugged. You can, however, use the Strong Name tool (Sn.exe) with the -Vr option to skip verification during development.
The delay signing process and the absence of an assembly signature mean that the assembly will fail verification at load time. To work around this, use the following commands on development and test computers.
To disable verification for a specific assembly, use the following command.
sn -Vr assembly.dll
To disable verification for all assemblies with a particular public key, use the following command.
sn -Vr *,publickeytoken
To extract the public key and key token (a truncated hash of the public key), use the following command.
sn -Tp assembly.dll
Note: Use an uppercase -T switch.
To fully complete the signing process and create a digital signature to make the assembly tamper proof, execute the following command. This requires the private key, and as a result the operation is normally performed as part of the formal build/release process. The following command uses the key pair contained in the Keypair.snk file to re-sign an assembly called Assembly.dll with a strong name.
sn -R assembly.dll keypair.snk
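The following Python sketch is an added example, not part of the original post or of Microsoft's tooling. It checks that an .snk file intended for the developer share (Step 1) holds only the public key, and it computes the key token the way sn -Tp reports it. The function names and sample blobs are constructed for illustration, and the blob layout is assumed to be the one sn.exe writes (CryptoAPI RSA blobs).

```python
import hashlib
import struct

# The 16-byte ECMA "neutral" public key used by the .NET Framework class
# libraries; a well-known special case with no RSA blob inside.
ECMA_KEY = bytes.fromhex("00000000000000000400000000000000")

def classify_snk(data: bytes) -> str:
    """Return 'keypair', 'public' or 'unknown' for the bytes of an .snk file."""
    # sn -k writes a raw CryptoAPI PRIVATEKEYBLOB: bType 0x07, magic "RSA2".
    if len(data) >= 12 and data[0] == 0x07 and data[8:12] == b"RSA2":
        return "keypair"
    if data == ECMA_KEY:
        return "public"
    # sn -p writes a 12-byte header (SigAlgID, HashAlgID, cbPublicKey)
    # followed by a PUBLICKEYBLOB: bType 0x06, magic "RSA1".
    if len(data) >= 32:
        _sig_alg, _hash_alg, cb_key = struct.unpack_from("<III", data, 0)
        if cb_key == len(data) - 12 and data[12] == 0x06 and data[20:24] == b"RSA1":
            return "public"
    return "unknown"

def public_key_token(public_key: bytes) -> str:
    """Token shown by sn -Tp: last 8 bytes of SHA-1(public key), reversed."""
    if classify_snk(public_key) != "public":
        raise ValueError("not a public-key-only blob; refusing to compute a token")
    return hashlib.sha1(public_key).digest()[-8:][::-1].hex()

def make_sample_public_blob(modulus: bytes) -> bytes:
    """Constructed sample: wraps an arbitrary modulus in the sn -p layout."""
    rsa = struct.pack("<BBHI", 0x06, 0x02, 0, 0x2400) + b"RSA1"
    rsa += struct.pack("<II", len(modulus) * 8, 65537) + modulus
    return struct.pack("<III", 0x2400, 0x8004, len(rsa)) + rsa

if __name__ == "__main__":
    # Both blobs are constructed placeholders, not real keys.
    sample_public = make_sample_public_blob(bytes(range(128)))
    sample_pair = struct.pack("<BBHI", 0x07, 0x02, 0, 0x2400) + b"RSA2" + bytes(584)
    for name, blob in (("publickey.snk", sample_public), ("keypair.snk", sample_pair)):
        kind = classify_snk(blob)
        print(name, kind, public_key_token(blob) if kind == "public" else "-")
```

Running classify_snk over the file before copying it to the network share catches the case where Keypair.snk is published in place of Publickey.snk.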