Before strong name signing an assembly, we need to generate a public/private key pair, and obviously the dot NET Framework SDK provides tools for assigning a cryptographic signature to any built assembly. This includes the Strong Name tool “sn.exe” which will help us in building the key pair we need.
The first step in strong name signing is generating a key pair. The “sn.exe” tool is located in “C:Program FilesMicrosoft Visual Studio 8SDKv2.0Bin” and is a command line based tool, so start Microsoft CMD and use this command to generate a new key pair:
Sn –k MyKeyPair.snk
This way, we obtain a random key pair (MyKeyPair.snk) which contains both private and public key. We can of course extract the public key from the key pair obtained and place it in a separate file, but we will not enter in details on this since our main goal is to demonstrate that strong name must not be considered as a protection because of how weak it is!
Well, now by using MyKeyPair.snk, we will sign an assembly. There are several ways to do it: either by adding the correct custom attribute to your AssemblyInfo.vb or AssemblyInfo.cs source:
Or directly through Microsoft Visual Studio IDE via project’s properties – click on signing tab, check “Sign the assembly” then browse to the .snk file:
By building your project, you get a strong name signed assembly.
Determining if an Assembly is Strongly Named or Not
There are several approaches applicable to determine if an assembly has a strong name or not. I’ll show you some of them. The first one uses the same tool that helped us in generating our key pair file: the sn.exe tool.
For this, we run it using the following command: sn –vf MyAssembly.exe (or MyAssembly.dll)