I decided I’d finally start finishing my projects properly by signing them before deployment. Everything I make (to date) has been for internal use only, so my lack of signing thus far has been of no consequence. Still, I thought I’d try to learn something – how hard could it be? You just enable code signing in your project and compile, right? Possibly.
My issues came two-fold: firstly, I made use of a referenced to three other DLLs, internally developed, but not by me. These were not strongly signed and so I could not sign my own project. Lowest common denominator. Browsing the web, I found this article. The basic premise is: decompile the DLL (which everybody knows is super simple in .NET) and then recompile, but with a strong name (i.e. signed).
I couldn’t get the key created by Visual Studio to work with this process so, as mentioned in the article, I created a new one with a different format:
sn.exe -k SigningKey.snk
Decompile your DLL into intermediate language (this also creates a resource file):
ilDasm.exe Some.dll /out:Some.il
Recompile, with a strong name:
ilAsm.exe Some.il /dll /resource=Some.res /key=SigningKey.snk
ZOMG – This works! At least, it did until I tried to run my application, at which point it crashed trying to load one of the DLLs.
The second problem I had was that one of my references also referenced another, so I had to also update the internal reference of the DLL to use the strongly-signed version of the other. I poked around in the generated IL and looked at that of other libraries referencing strongly named assemblies. And I copied that.
One needs to add a
.publickeytoken attribute to the relevant .assembly section, like so (with the correct Public Key Token):
.assembly extern mscorlib
.publickeytoken = (B7 7A 5C 56 19 34 E0 89 )
Et voilà. Everything runs nicely.
As a final note, and much simpler to resolve, in order for a test project to access internal methods of a strongly-named assembly, you need to sign the test assembly and then specify its Public Key in the
InternalsVisibleTo attribute. You can grab this as follows:
sn.exe -p SigningKey.snk SigningKey.PublicKey
sn.exe -tp SigningKey.PublicKey
The attribute becomes:
via Brenton House’s Blog @ weblogs.asp.net