I don't usually bother with signing my .NET assemblies, so I don't know much beyond the basic mechanics of it. For a small project I'm working on, it was necessary to sign, and I created a new key, protected with a password.
I expected to be prompted for this password at some point in time when recompiling the assembly, but I've never needed to enter it anywhere after creating the key file. This seems to defeat the purpose of password protecting the key in the first place.
I imagine the password is cached somewhere, but where? Is it in some kind of private storage? If I give someone else my entire solution directory with the key file in it, will they be prompted for the password I entered, or will they be able to sign the assembly without the password?
There are lots of articles on the internet about strong name keys and using them, but for some odd reason they all gloss over how the password is actually used by Visual Studio.
Update: Restarting Visual Studio (and Windows) has no effect, so the caching appears to be persistent. Deleting the .suo file does not change the fact that no password is needed to sign the assembly.
If you cannot find it there, check “C:Program Files” on 32-bit systems. Also check the folders corresponding to other versions of Microsoft Visual Studio, such as “Microsoft Visual Studio 9.0” etc. If you still cannot find it, run a search on your C: drive.
In Solution Explorer, open the shortcut menu for the project, and then choose Properties. Under the Build tab you'll find a Strong naming node. Select the Sign the assembly checkbox, which expands the options. Select the Browse button to choose a Strong name key file path.
First, right click on the Assembly DLL -> Properties -> Details. Here you can find the name, version and Culture of your Assembly. It will give you the public key. Now you can forge Fully Qualified Name.
Software key file created by Strong Name Tool (Sn.exe), a cryptographic program included with Microsoft's . NET framework; contains a public key and private key pair; used to digitally sign and authenticate an application.
See the documentation for the Create Strong Name Key Dialog Box.
The password information is stored in your computer's cryptographic storage database.
Other information from CLR Inside Out: Using Strong Name Signatures.
You can install the private key in a key container using restrictive access control lists (ACLs) to prevent unauthorized access to the key container. Alternatively, you can store the private key on a smart card or other separate hardware device. The sn.exe tool allows you to use a different cryptographic service provider (CSP) for signing. Take a look at the –c option in the documentation for sn.exe.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With