When to Delay Sign Assemblies

Posted by Vandita Pandey Articles | C# Assemblies August 03, 2006
Delay signing plays a vital role in development when you are building assemblies. In this article, I talk about the significance and process of delay signing the assemblies.

In a workplace where many developers work on the same project, there is every possibility that an assembly's private key will be mishandled. In a development environment it is therefore essential to maintain the integrity of the system during tests and builds. This is where delay signing proves significant.

What is Delay Signing?

Delay signing is the process of generating a partial signature during development with access only to the public key. The private key can be stored securely and used to apply the final strong name signature just before shipping the project.

How to delay sign assemblies?

To use delay signing, follow these five steps:

  1. Extract the public key from the key pair. We can use the tool sn.exe for this.

    sn -p keypairfilename ExtractPublicKey.pk

  2. The development team can use the extracted public key (ExtractPublicKey.pk) to delay sign assemblies. At this stage the .NET Framework will not load the delay-signed assemblies, because they are not yet fully signed. Hence we must configure our development machines to skip strong name signature verification for our key.

    Use the C# compiler to delay sign the assembly as follows:

    csc /delaysign+ /keyfile:ExtractPublicKey.pk test.cs

  3. To configure the .NET Framework to skip strong name signature verification for the test.exe assembly on development machines:

    sn -Vr test.exe

    We can also configure our machine to skip verification for all assemblies delay signed with the same key as the test application. To do this, first obtain the public key token with the following command:

    sn -T test.exe

    Executing the above command displays the public key token:

    Public key token is b03f5f7f11d50a3a

  4. Execute the following command to skip strong name verification for any assembly using the public key token generated above:

    sn -Vr *,b03f5f7f11d50a3a

    Please note that skipping strong name signature verification should only be done on development machines. It should never be done in a production environment, as it opens those machines up to assembly spoofing attacks.

  5. The fifth step is the final step, taken before the project is deployed to production. We use the securely stored private key to apply the final, full strong name signature with the sn.exe tool.

    sn -R test.exe keypairfilename

    This completes the process and adds the full signature to the assembly. Note that the delay-signed assemblies do not need to be rebuilt at this point. Any assemblies that referenced the delay-signed assembly also had access to its public key and were therefore able to create a full assembly reference, even though the assembly did not have a full signature.
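
The warning in step 4 can be checked mechanically. The following script is an added example, not part of the original article: it lists every verification-skip entry that `sn -Vr` has registered on a machine, so a build or production host can be audited before deployment. The function name `Get-StrongNameSkipEntry` is hypothetical; the registry paths are the ones sn.exe writes its skip entries to.

```powershell
# Added example: audit strong name verification-skip entries on this machine.
# sn -Vr stores each entry as a subkey named "<assembly or *>,<public key token or *>"
# under the keys below (native view and 32-bit view on 64-bit Windows).
$StrongNameRoots = @(
    'HKLM:\SOFTWARE\Microsoft\StrongName\Verification',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\StrongName\Verification'
)

function Get-StrongNameSkipEntry {
    param([string[]]$Path = $StrongNameRoots)

    foreach ($root in $Path) {
        # A missing key simply means nothing was ever registered in that view.
        if (-not (Test-Path -LiteralPath $root)) { continue }

        Get-ChildItem -LiteralPath $root | ForEach-Object {
            # Split "test,b03f5f7f11d50a3a" or "*,b03f5f7f11d50a3a" into its two parts.
            $assembly, $token = $_.PSChildName -split ',', 2
            [pscustomobject]@{
                View           = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
                Assembly       = $assembly
                PublicKeyToken = $token
                # A "*" assembly name exempts every assembly signed with that key.
                AllAssemblies  = ($assembly -eq '*')
                RegistryKey    = $_.Name
            }
        }
    }
}

$entries = @(Get-StrongNameSkipEntry)
if ($entries.Count -eq 0) {
    'No strong name verification-skip entries found.'
} else {
    # Wildcard entries first: they carry the widest spoofing exposure.
    $entries | Sort-Object AllAssemblies -Descending |
        Format-Table View, Assembly, PublicKeyToken, AllAssemblies -AutoSize
    Write-Warning "$($entries.Count) skip entr$(if ($entries.Count -eq 1) {'y'} else {'ies'}) registered; remove before production use."
}
```

`sn -Vl` prints the same list from the command line, `sn -Vu test.exe` removes a single entry, and `sn -Vx` removes all of them.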

Summary

Delay signing the assemblies is an easy and secure way of protecting the assemblies in the development environment. However, please note that with delay signing on, none of the strong name signatures are verified in the testing environment, so there is a trade-off. But I have a solution to this as well: test key signing, which I'll discuss in my next article.


Nice presentation....

Posted by Vineet Kumar Saini Feb 02, 2012

Thank You very much Quite informative...

Posted by Amit Agrawal Jun 14, 2010