Signing assemblies - basics

Question

What does it mean to sign an assembly? And why is it done?

What is the simplest way to sign it? What is the .snk file for?

Answer 1

The other two answers are fine, but one additional point. It is easy to get confused between "certificate" signing and "strong name" signing.

The purpose of strong name signing is as Stefan Steinegger says: to allow your customer to establish that the code they THINK they're loading really is precisely the code that they ARE loading. That is ALL strong names are for. Specifically, strong names do not establish any kind of trust relationship between your customer and you. If the customer decides that they trust code that comes from you, it is up to THEM to figure out exactly what the correct strong name is for your code. The "key management" problem is not in any way solved; the customer has the burden of figuring out how to know what key to trust.

Certificate signing, that is, signing with a certificate you get from Verisign or some other certifying authority, has a much more complex purpose. The purpose of certificate signing is to establish an authenticated chain of trust and identity from the certifying authority down to the organization which signed the code. Your customer might not trust you, your customer might not have even heard of you, but your customer can say "if Verisign vouches for the identity of the author of this code, then I will trust them". The key management problem is reduced for the customer because the certifying authority has taken on that burden for them.

Answer 2

What does it mean to sign an assembly?

To sign an assembly is to give the assembly a strong name.

Why is it done?

First, let's make an important distinction. One way to categorize assemblies in .NET is as follows:

• Private Assembly, is isolated for use by a single application (the default). It is usually found in the same directory as the application.
• Shared Assembly, is globally accessible by all the applications in your machine. It is usually found in the GAC, and it must be signed, i.e., it must have a strong name (made up of the name, version, public key and culture of the assembly).

Why? Having a strong name guarantees that your assembly is unique and that nobody can steal the GUID (as in COM) to create a different object with the same name. In other words, you are ensuring that when you load a signed assembly, you are loading exactly what you think you are loading. Eric Lippert offered a great answer to this particular question here.

This is not the same as saying that a signed assembly can be trusted. For that, an assembly can include Authenticode, a digital signature to provide information about the assembly developer/company.

What is the simplest way to sign it?

The following is the short version of the MSDN step-by-step:

1. Create a strong key using SN.EXE

   sn -k C:\mykey.snk

2. From Visual Studio, on your project Properties page, go to the Signing tab, and check on "Sign the assembly" to pick the file just created

3. Rebuild your project, and voila. Your assembly is now signed. You can see this in the CSPROJ file of your project:

<PropertyGroup>    <SignAssembly>true</SignAssembly> </PropertyGroup> <PropertyGroup>    <AssemblyOriginatorKeyFile>mykey.snk</AssemblyOriginatorKeyFile> </PropertyGroup> 

4. The gacutil tool allows you to manage your shared assembly in the GAC:
   • Install: gacutil /i myassembly.dll
   • View assembly in GAC: gacutil /l myassembly.dll
   • Uninstall: gacutil /u myassembly.dll

What is the .SNK file for?

The SNK is the 'Strong Name Key' file.