Skip to main content

Signing Assemblies with a Strong Name

Code Analysis/FXCop warned me that my credit card application was not signed with a Strong Name, which would make it more difficult to determine if the assemblies had been tampered with. For more information on Strong Names and why they're a good thing, see this Tech Republic article.

you first need a cryptographic key before you can sign an assembly. The key is created using the sn.exe tool provided by the Windows SDK.
sn.exe -k sgKey.snk
I added my sgKey.snk file to my project in Visual Studio, and then in the Application's properties I went to the Signing tab, checked the "Sign the assembly" box, and specified my key file.

I had forgotten that I used a 3rd party library to manage logging the user out after a configurable period of inactivity and their assembly was not signed. You can't sign an assembly unless all of its dependencies are signed as well, which makes sense. You need to replace the unsigned assemblies with signed ones first.
If you can compile the 3rd party library from source, you can sign it yourself; otherwise you'll want to ask them to provide you with a signed assembly. I was in an odd situation where I had compiled the library but had not saved the code, and couldn't find the open source project from which I originally gotten the code. My solution was to sign it myself by disassembling the assembly, and re-assembling it using my key.

The ildasm.exe tool is used to disassemble .NET assemblies.
ildasm /output:Timer.il Timer.dll
Then, the ilasm.exe tool let me provide my key file and re-assemble the library so I had a signed assembly.
ilasm /dll /key:sgKey.snk  Timer.il
ildasm.exe is provided by the Windows SDK, and ilasm can be found in your %WINDIR%\Microsoft.NET\Framework\v## directory (where ## is replaced by an appropriate version number of the .NET Framework).

It's not uncommon to have multiple versions of .NET installed on a computer, let alone on a developer's computer, so be sure to use ilasm.exe for the lowest version of .NET you wish to support when you re-assemble your library. You can't assemble it with v4.0.30319\ilasm.exe if you're targeting a .NET 2.0 platform.

Comments

Popular posts from this blog

Geolocation Search

Services that allow users to identify nearby points of interest continue to grow in popularity. I'm sure we're all familiar with social websites that let you search for the profiles of people near a postal code, or mobile applications that use geolocation to identify Thai restaurants within walking distance. It's surprisingly simple to implement such functionality, and in this post I will discuss how to do so.

The first step is to obtain the latitude and longitude coordinates of any locations you want to make searchable. In the restaurant scenario, you'd want the latitude and longitude of each eatery. In the social website scenario, you'd want to obtain a list of postal codes with their centroid latitude and longitude.

In general, postal code-based geolocation is a bad idea; their boundaries rarely form simple polygons, the area they cover vary in size, and are subject to change based on the whims of the postal service. But many times we find ourselves stuck on a c…

Reading Unicode (UTF-8) in C

In working on scanner code for Kiwi I did a bit of reading up on Unicode. It's not really as difficult as one might think parsing UTF-8 character by character in C. In the end I opted to use ICU so I could take advantage of its character class functions instead of rolling my own, but the by-hand method I thought was still worth sharing. Functions like getc() read in a byte from an input stream. ASCII was the predominant encoding scheme and encoded characters in 7-8 bits, so reading a byte was effectively the same as reading a character. But you can only represent 255 characters using 8 bits, far too little to represent all the characters of the world's languages. The most common Unicode scheme is UTF-8, is a multi-byte encoding scheme capable of representing over 2 million characters using 4 bytes or less. The 128 characters of 7-bit ASCII encoding scheme are encoded the same, the most-significant bit is always 0. Other characters can be encoded as multiple bytes but the mo…

Composing Music with PHP

I’m not an expert on probability theory, artificial intelligence, and machine learning. And even my Music 201 class from years ago has been long forgotten. But if you’ll indulge me for the next 10 minutes, I think you’ll find that even just a little knowledge can yield impressive results if creatively woven together. I’d like to share with you how to teach PHP to compose music. Here’s an example: You’re looking at a melody generated by PHP. It’s not the most memorable, but it’s not unpleasant either. And surprisingly, the code to generate such sequences is rather brief. So what’s going on? The script calculates a probability map of melodic intervals and applies a Markov process to generate a new sequence. In friendlier terms, musical data is analyzed by a script to learn which intervals make up pleasing melodies. It then creates a new composition by selecting pitches based on the possibilities it’s observed. . Standing on ShouldersComposition doesn’t happen in a vacuum. Bach was f…