The
following is an excerpt from the Microsoft MSDN Library, October
2002:
“An organization
can have a closely guarded key pair that developers do not have
access to on a daily basis. The public key is often available,
but access to the private key is restricted to only a few individuals.
When developing assemblies with strong names, each assembly that
references the strong-named target assembly contains the token
of the public key used to give the target assembly a strong name.
This requires that the public key be available during the development
process.
You can use delayed
or partial signing at build time to reserve space in the portable
executable (PE) file for the strong name signature, but defer
the actual signing until some later stage (typically just before
shipping the assembly).
The following
steps outline the process to delay sign an assembly:
1. |
Obtain
the public key portion of the key pair from the organization
that will do the eventual signing. Typically this key
is in the form of an .snk file, which can be created using
the Strong Name tool (Sn.exe) provided by the .NET Framework
SDK. |
2. |
Annotate the source code for the
assembly with two custom attributes from System.Reflection:
· |
AssemblyKeyFileAttribute,
which passes the name of the file containing the
public key as a parameter to its constructor. |
· |
AssemblyDelaySignAttribute,
which indicates that delay signing is being used
by passing true as a parameter to its constructor.
For example:
[Visual
Basic]
<Assembly:AssemblyKeyFileAttribute("myKey.snk")>
<Assembly:AssemblyDelaySignAttribute(true)>
[C#]
[assembly:AssemblyKeyFileAttribute("myKey.snk")]
[assembly:AssemblyDelaySignAttribute(true)] |
|
3. |
The compiler inserts the public
key into the assembly manifest and reserves space in the
PE file for the full strong name signature. The real public
key must be stored while the assembly is built so that
other assemblies that reference this assembly can obtain
the key to store in their own assembly reference. |
4. |
Because the assembly does not have
a valid strong name signature, the verification of that
signature must be turned off. You can do this by using
the –Vr option with the Strong Name tool.
The following
example turns off verification for an assembly called
myAssembly.dll.
sn
–Vr myAssembly.dll |
5. |
Later, usually just before shipping,
you submit the assembly to your organization's signing
authority for the actual strong name signing using the
–R option with the Strong Name tool.
The following
example signs an assembly called myAssembly.dll with a
strong name using the sgKey.snk key pair.
sn
-R myAssembly.dll sgKey.snk” |
|
