. NET Assembly delayed Signature

One advantage of a strongly-named assembly is tamper-proofing. Assume that I have an Assembly named MyDll. dll. If I use my own private key for signature and hash the content in the Assembly, if others do not know my private key, you cannot tamper with this Assembly to perform some malicious behavior.
However, for the development of some large programs, the private key is generally not public. Of course, the public key that matches it is public and can be freely distributed. So how to ensure that developers use a strongly-named assembly in the development process (for example, to put it in GAC, it must be a strongly-named assembly ). Delayed signature is for this purpose.
Take MyDll. dl as an example:
1) generate a public/private key pair
Sn-k Company. snk
2) extract the public key and keep the private key safe.
Sn-p Company. snk public. snk
3) Delayed signature of the Assembly
Csc/keyfile: public. snk/delaysign/t: library MyDll. cs
4) Let CLR trust the Assembly content without performing hash Processing
Sn-Vr MyDll. dll
Since the above name will add corresponding items in the registry, you only need to execute the same Assembly once.
In this way, MyDll. dll can be installed in GAC (if you want)
5) other developers can reference this Assembly, just like a strongly-named assembly.
6) if the development is complete and the final deployment is required, the private key must be used for signature.
Otherwise, someone can use this public key to make the same assembly to replace your assembly and do some bad things.
In short, the security of the Assembly will be greatly reduced. To this end, let the person who saves the private key complete the following signature
Sn-R MyDll. dll Company. snk
Note: we cannot extract the private key separately. The private key and public key are in a file. The public key can be extracted separately for distribution.
7) enable verification. The Registry Key in 4) will be removed accordingly.
Sn-Vu MyDll. dll