Menu
In the visual studio project settings you can choose a strong name key file for signing the assembly. When creating a new one you can choose to protect it with a password. When should you do this? And when should you not?
I am thinking that it could for example be not so smart to protect it with a password if the project is an open source project hosted on Codeplex or similar. Or should it still be protected? Will people be unable to download the source and compile it if the key file is protected? Or, how does this work exactly?
492
A strong name consists of the assembly's identity—its simple text name, version number, and culture information (if provided)—plus a public key and a digital signature. It is generated from an assembly file using the corresponding private key.
Software key file created by Strong Name Tool (Sn.exe), a cryptographic program included with Microsoft's . NET framework; contains a public key and private key pair; used to digitally sign and authenticate an application.
Key pair files usually have an . snk extension. In Visual Studio, the C# and Visual Basic project property pages include a Signing tab that enables you to select existing key files or to generate new key files without using Sn.exe.
In general, you should protect it with a password if you don't trust the people with access to it. Anyone with access to the key file can create an assembly with your strong name (unlike authenticode, they're not impersonating you, but they can get their assemblies to load instead of yours)
As for the open source scenario you described, people can always compile the code - they simply create a new key file, but the assemblies they create will not be loaded by assemblies that try to load your assemblies.
87
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
