I have a c# solution that contains multiple c# class libraries. I am being doing some research recently and it is suggested that the outputted assemblies from my libraries should be signed, making them signed with a strong name. Firstly I am wondering if it is best that I progress with such? The libraries that outputted from these class libraries are used in multiple other projects.
If it is advised from my previous question that yes I should sign my dll's, the .snk I use, can this be used for each of the class libraries in the solution? Or must it be one key per class library?
Sometimes signing an assembly is a requirement. This is true if you wish to GAC your assembly, or if a signed assembly wants to reference another assembly.
You can reuse the same .snk
file, and doing so will result in the same Public Key Token for all assemblies.
It's essential if you intend to put the assembly in the GAC for use by a large number of assemblies.
It's advantageous if you are going to give it to users to make use of rather than install yourself, since it offers a degree of reassurance that it really is the file you said you were giving them, rather than one tampered with.
It's good to use use few (perhaps just one) SNK files per entity (individual, collective, open-source group, or company) because if someone trusts you (whether "you" means individual, company, etc) and they therefore trust a public key they are sure is yours, then they will trust it the next time too. You wouldn't want to sign cheques with a different hand-written signature each time, would you?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With