Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Where is the strong name key password stored?

I don't usually bother with signing my .NET assemblies, so I don't know much beyond the basic mechanics of it. For a small project I'm working on, it was necessary to sign, and I created a new key, protected with a password.

I expected to be prompted for this password at some point in time when recompiling the assembly, but I've never needed to enter it anywhere after creating the key file. This seems to defeat the purpose of password protecting the key in the first place.

I imagine the password is cached somewhere, but where? Is it in some kind of private storage? If I give someone else my entire solution directory with the key file in it, will they be prompted for the password I entered, or will they be able to sign the assembly without the password?

There are lots of articles on the internet about strong name keys and using them, but for some odd reason they all gloss over how the password is actually used by Visual Studio.

Update: Restarting Visual Studio (and Windows) has no effect, so the caching appears to be persistent. Deleting the .suo file does not change the fact that no password is needed to sign the assembly.

like image 646
Thorarin Avatar asked Nov 14 '10 11:11

Thorarin


People also ask

Where is SN EXE located?

If you cannot find it there, check “C:Program Files” on 32-bit systems. Also check the folders corresponding to other versions of Microsoft Visual Studio, such as “Microsoft Visual Studio 9.0” etc. If you still cannot find it, run a search on your C: drive.

How do I get a strong key name?

In Solution Explorer, open the shortcut menu for the project, and then choose Properties. Under the Build tab you'll find a Strong naming node. Select the Sign the assembly checkbox, which expands the options. Select the Browse button to choose a Strong name key file path.

How do I get a public key for a strong named assembly?

First, right click on the Assembly DLL -> Properties -> Details. Here you can find the name, version and Culture of your Assembly. It will give you the public key. Now you can forge Fully Qualified Name.

What is .SNK file?

Software key file created by Strong Name Tool (Sn.exe), a cryptographic program included with Microsoft's . NET framework; contains a public key and private key pair; used to digitally sign and authenticate an application.


1 Answers

See the documentation for the Create Strong Name Key Dialog Box.

The password information is stored in your computer's cryptographic storage database.

Other information from CLR Inside Out: Using Strong Name Signatures.

You can install the private key in a key container using restrictive access control lists (ACLs) to prevent unauthorized access to the key container. Alternatively, you can store the private key on a smart card or other separate hardware device. The sn.exe tool allows you to use a different cryptographic service provider (CSP) for signing. Take a look at the –c option in the documentation for sn.exe.

like image 128
sisve Avatar answered Sep 26 '22 01:09

sisve