Code security (Strong-naming (Delay signing (Keep initial sn.key secret on…
Creates hash for unique identity
5 part name
Allows side by side versioning in GAC
Create key pair file sn.key
Sign in VS or cmd line sn.exe
Dependencies of a strong named assembly must also be strong named
Errors on run
From .net 3.5 CLR onwards will not check validity of the signing (the hash
This is strong-name bypass for efficiency
Can switch on with registry or config
Can validate in code only with Windows - use PInvoke
Keep initial sn.key secret on build server
Get public key file from it
Give public key file to everyone to delay (partial) sign
Devs need sn.exe -Vr [assembly name] to run/debug
Certificate signing can be verified to CA via 'chain of trust'
'Authenticode' - Microsoft term
Used by ClickOnce and AppLocker?
Since .net 4 publisher CLR does not check cert
Can turn on in app config?
Does not set PublisherIdentityPermission now
Would have to use Code Access Security (in code)
Sign msis also - don't get warning on install
Signing dlls will prevent anti-virus complaining
Can verify in code with .NET X509Certificate API
Certificate needs to be in local Certificate Store
:warning: Strong-name (sn) signing and Authenticode signing are 2 entirely different things!
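Added example (not part of the original notes): the two in-code checks mentioned above, kept separate because they answer different questions. The strong-name check goes through P/Invoke and the Authenticode check through the X509Certificate API. The class and method names are hypothetical, and the example assumes Windows with the .NET Framework and a file path passed on the command line.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper class; names are illustrative, not from the notes.
static class SignatureChecks
{
    // Native export of mscoree.dll (Windows, .NET Framework). BOOLEAN is one byte.
    [DllImport("mscoree.dll", CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.U1)]
    static extern bool StrongNameSignatureVerificationEx(
        string filePath,
        [MarshalAs(UnmanagedType.U1)] bool forceVerification,
        [MarshalAs(UnmanagedType.U1)] out bool wasVerified);

    // True only if the strong-name signature really validates.
    // forceVerification=true ignores "sn -Vr" skip entries, so a
    // delay-signed assembly that was never re-signed fails here.
    public static bool StrongNameIsValid(string path)
    {
        bool wasVerified;
        return StrongNameSignatureVerificationEx(path, true, out wasVerified) && wasVerified;
    }

    // True if the file carries an Authenticode certificate whose chain
    // builds to a root trusted in the local certificate store.
    // This checks the certificate only, not that the file is unmodified;
    // full file integrity needs WinVerifyTrust.
    public static bool PublisherCertIsTrusted(string path)
    {
        X509Certificate2 cert;
        try { cert = new X509Certificate2(X509Certificate.CreateFromSignedFile(path)); }
        catch (CryptographicException) { return false; } // no embedded signature
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        return chain.Build(cert);
    }

    static void Main(string[] args)
    {
        string path = args[0]; // assembly to inspect, supplied by the caller
        Console.WriteLine("Strong name valid:      " + StrongNameIsValid(path));
        Console.WriteLine("Publisher cert trusted: " + PublisherCertIsTrusted(path));
    }
}
```

An assembly can pass one check and fail the other: a strong name proves nothing about the publisher, and an Authenticode certificate says nothing about the assembly's strong-name identity.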