DOTNET strong Signature

1. How to use strong signatures

The Windows software development kit (SDK) provides multiple methods to useProgramSet signature:

* Use the Assembly Linker (al.exe) provided by the Windows SDK ).
* Insert strong name information using assembly PropertiesCode. You can use assemblykeyfileattribute or assemblykeynameattribute, depending on the location of the key file to be used.
* Use the/Keyfile or/delaysign compiler options in C # and Visual Basic, or the/Keyfile or/delaysign Linker Options in C ++.

To use a strong name called Assembly signature, you must have an encryption key pair.

* Use the "Assembly Linker" to create an assembly and sign a strong name for it
In the command prompt, type the following command:
Al/out: <Assembly Name> <Module name>/Keyfile: <File Name>
In this command, assembly name is the name of the assembly to be signed with a strong name, and module name is the name of the Code module used to create the assembly, file name is the name of the container or file containing the key pair.
The following example uses the key file sgkey. SNK to sign a strong name for assembly myassembly. dll.
Al/out: myassembly. dll mymodule. netmodule/Keyfile: sgkey. SNK

* Use the property to sign a strong name for the Assembly
In the Code module, add assemblykeyfileattribute or assemblykeynameattribute to specify the name of the file or container for which the key pair is used when a strong name is used for assembly signature.
The following code example uses assemblykeyfileattribute with a key file named sgkey. Snk (located in the directory of the compiled assembly. This assumes that the Assembly is compiled using the command line compiler vbc.exe and.
Visual Basic
<Assembly: assemblykeyfileattribute ("sgkey. SNK")>
C #
[Assembly: assemblykeyfileattribute (@ "sgkey. SNK")]

* Use/Keyfile to sign a strong name for the Assembly
For example:Full/optimize-/out: $ (outdir) \ XXX. dll/Target: Library/Keyfile: C: \ PPK \ xxxprivatekey. SNK. \*. CS

Second, the latency is the Assembly signature.
An organization can have a tightly protected key pair that developers cannot access during daily use. The Public Key is usually available, but the access to the private key is limited to a few people. When developing a strong-name assembly, each assembly that references a target assembly with a strong name contains a tag used to specify a strong-name public key for the target assembly. This requires that the public key be available during development.
You can use a delayed signature or partial signature during production to reserve space for a strong name signature in a portable executable (PE) file, however, you need to delay the actual signature to some later stages (usually before the Assembly is transferred ).

The following steps describe the process of delaying the Assembly signature:
1. Obtain the public key of the key pair from the unit where the final signature will be executed. This key is usually in the form of a. SNK file. You can use the strong name tool (sn.exe) provided by the Windows software development kit (SDK) to create this file.
2. Use the two custom attributes in system. Reflection to annotate Source code :
* Assemblykeyfileattribute, which transmits the name of the file containing the public key as a parameter to its constructor.
* Assemblydelaysignattribute: it passes true as a parameter to its constructor, indicating that a delayed signature is being used. For example:
Visual Basic
<Assembly: assemblykeyfileattribute ("mykey. SNK")>
<Assembly: assemblydelaysignattribute (true)>
C #
[Assembly: assemblykeyfileattribute ("mykey. SNK")]
[Assembly: assemblydelaysignattribute (true)]
3. the compiler inserts the public key into the assembly list and reserves space for the complete strong name signature in the PE file. The real public key must be stored when the Assembly is generated so that other assemblies that reference the Assembly can obtain the key to store it in their own Assembly references.
4. Because the Assembly does not have a valid strong name signature, you must disable the signature verification. You can use the "Strong name" tool with the-VR option to perform this operation.
The following example disables the validation of an Assembly named myassembly. dll.
Sn-VR myassembly. dll
5. Later, the Assembly is usually submitted to the Organization's signature authority before being delivered, so that the-r option can be used with the "Strong name" tool to actually implement a strong name signature.
The following example uses the sgkey. SNK key pair to sign a strong name for the Assembly named myassembly. dll.
Sn-r myassembly. dll sgkey. SNK

3. Create a public key pair
Create a key pair
* In the command prompt, type the following command:
Sn-k <File Name>
In this command, the "file name" is the name of the output file containing the key pair.
The following example creates a key pair named sgkey. SNK.
Sn-K sgkey. SNK
If you need to delay the signing of the assembly and control the entire key pair (the key pair is unlikely to be out of the Test Scheme), you can use the following command to generate the key pair, then, extract the public key to a separate file. First, create a key pair:
Sn-K keypair. SNK
* Next, extract the public key from the key pair and copy it to a separate file:
Sn-P keypair. SNK public. SNK
* After creating a key pair, you must place the file in a location that can be found by the strong-name signature tool.
When the Assembly is signed with a strong name, the Assembly Linker (al.exe) looks for the key files related to the current directory and the output directory. When using the command line compiler, you only need to copy the key to the current directory containing the Code module.

If you are using an earlier version of Visual Studio without the "signature" tab in the project properties, the recommended key file location is the project directory with the file properties specified as follows:
Visual Basic
<Assembly: assemblykeyfileattribute ("... \ .. \ key. SNK")>
C #
[Assembly: assemblykeyfileattribute (@ "... \ .. \ key. SNK")]

4. Reference an assembly with a strong name
The process of referencing a type or resource in a strongly-named assembly is usually transparent. You can reference it during compilation (pre-binding) or runtime.
When you indicate to the compiler that the Assembly explicitly references another assembly, it is referenced during compilation. When you use a compile-time reference, the compiler automatically obtains the public key of the strongly-named assembly as the target and places it in the Assembly reference of the Assembly being compiled.
[Note] Note: an assembly with a strong name can only use other types of assembly with a strong name. Otherwise, the security of an assembly with a strong name is compromised.

Reference during compilation of strong-name assembly
* In the command prompt, type the following command:
<Compiler command>/reference: <Assembly Name>
In this command, compiler command is the compiler command of your language, and assembly name is the name of the referenced strong-name assembly. You can also use other compiler options (for example, the/T: Library option) to create a library program set.

The following example creates an Assembly named myassembly. dll, which references a strongly-named Assembly named mylibassembly. dll from the code module named myassembly. CS.

Indicates an assembly with a strong name during running.
* To use assembly when running .. ::. load or assembly .. ::. to reference a strongly-named Assembly, such as GetType, the display name of the referenced strongly-named assembly must be used. The display name syntax is as follows:
<Assembly Name>, <version number>, <culture>, <Public Key token>
For example:
Mydll, version = 1.1.0.0, culture = EN, publickeytoken = 01_d3a4ae33
In this example, publickeytoken is the hexadecimal form of the public key. If there is no regional value, use culture = neutral.

The following code example shows how to use this information using the Assembly. Load Method.
Visual Basic
Assembly. Load ("mydll, version = 1.0.0.1, culture = neutral, publickeytoken = 9b35aa32c18d4fb1 ")
C #
Assembly. Load ("mydll, version = 1.0.0.1, culture = neutral, publickeytoken = 9b35aa32c18d4fb1 ");

You can use the following powerful name tool (sn.exe) command to output a hexadecimal public key and Public Key tag for a specific assembly:
Sn-TP <Assembly>
If you have a public key file, you can use the following command (note the differences between upper and lower case letters in command line options ):
Sn-TP <Assembly>

five references
create and use strongly-named Assembly: http://msdn.microsoft.com/zh-cn/library/xwb8f617.aspx
strong name tool (sn.exe): http://msdn.microsoft.com/zh-cn/library/k5b5tt23.aspx