Delay Signing an Assembly

Developing XML Web Services and Server Components with Visual C#™ .NET and the .NET Framework, Exam Cram™ 2 (Exam 70-320)
By Amit Kalani, Priti Kalani

Chapter 11.  Deployment


In most companies, the private key is stored securely, and only a few people have access to it. To help keep this key secure, the .NET Framework provides a delay-signing technique for assemblies.

When you use delay signing, you use only the public key to build an assembly. Associating public keys with an assembly enables you to place the assembly in the GAC and complete most of the development and testing tasks with the assembly. Later, when you are ready to package the assembly, someone who is authorized signs the assembly with the private key. Signing with the private key ensures that the CLR provides tamper protection for the assembly. The following list summarizes the steps involved with delay signing:

  1. Extract a public key from the public/private key pair. To extract the public key from a file that is storing the public/private key pair, you use the Strong Name tool, as follows:

     sn.exe -p KeyPairFile.snk PublicKeyFile.snk

  2. Use Visual Studio .NET to delay sign an assembly. To use delay signing in a Visual Studio .NET project, you need to modify the following two attributes of the project's AssemblyInfo.cs file and build the assembly:

     [assembly: AssemblyDelaySign(true)]
     [assembly: AssemblyKeyFile("PublicKeyFile.snk")]

  3. Turn off verification for an assembly in the GAC. By default, the GAC verifies the strong name of each assembly. If the private key is not used to sign the assembly, this verification fails. For development and testing purposes, you can relax this verification for an assembly by issuing the following command:

     sn.exe -Vr MyAssembly.dll

     If you execute this command, the GAC always skips the verification for this assembly in the future.

  4. Sign a delay-signed assembly with the private key. When you are ready to deploy a delay-signed assembly, you need to sign it with the company's private key:

     sn.exe -R MyAssembly.dll KeyPairFile.snk

  5. Turn on verification for an assembly in the GAC. Finally, you can instruct the GAC to turn on verification for an assembly by issuing the following command:

     sn.exe -Vu MyAssembly.dll
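
A release-gate check for the procedure above, as an added example that is not from the book: it reads the CLI header of an assembly image and reports whether the strong-name slot is still reserved but unsigned (delay-signed) or carries a signature. The names strong_name_state and build_sample and the sample images are constructed for this example; the offsets follow the PE/CLI header layout, and treating a cleared StrongNameSigned flag or an all-zero signature blob as delay-signed is this example's heuristic.

```python
import struct

STRONGNAMESIGNED = 0x8  # COMIMAGE_FLAGS_STRONGNAMESIGNED bit in the CLI header Flags field

def strong_name_state(pe: bytes) -> str:
    """Classify a managed PE image as 'unsigned', 'delay-signed' or 'signed'."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]             # e_lfanew -> "PE\0\0"
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                           # optional header start
    dirs = opt + (96 if struct.unpack_from("<H", pe, opt)[0] == 0x10B else 112)
    sections = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
                for i in range(nsec)]

    def offset(rva):                                        # RVA -> file offset
        for vsize, vaddr, rsize, raw in sections:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return rva - vaddr + raw
        raise ValueError("RVA outside all sections")
    cli_rva = struct.unpack_from("<I", pe, dirs + 14 * 8)[0]    # data directory 14
    if cli_rva == 0:
        raise ValueError("no CLI header: not a managed assembly")
    cli = offset(cli_rva)
    flags = struct.unpack_from("<I", pe, cli + 16)[0]
    sn_rva, sn_size = struct.unpack_from("<II", pe, cli + 32)   # StrongNameSignature
    if sn_size == 0:
        return "unsigned"                                   # no strong name at all
    blob = pe[offset(sn_rva):][:sn_size]
    # Heuristic (assumption of this example): slot reserved, but flag clear or blob all zero
    if not flags & STRONGNAMESIGNED or not any(blob):
        return "delay-signed"
    return "signed"

def build_sample(flags: int, sig: bytes) -> bytes:
    """Constructed minimal PE32 image for the demo; not a loadable assembly."""
    img = bytearray(0x248 + len(sig))
    # MZ, e_lfanew=0x40, PE signature, COFF (machine, 1 section, opt size 224), PE32 magic
    struct.pack_into("<2s58xI4sHH12xH2xH", img, 0, b"MZ", 0x40, b"PE\0\0", 0x14C, 1, 224, 0x10B)
    struct.pack_into("<II", img, 0x58 + 96 + 14 * 8, 0x2000, 72)    # directory 14 -> CLI header
    struct.pack_into("<8s4I", img, 0x138, b".text", 0x200, 0x2000, 0x200, 0x200)
    struct.pack_into("<I12xI12xII", img, 0x200, 72, flags, 0x2048 if sig else 0, len(sig))
    img[0x248:] = sig
    return bytes(img)

if __name__ == "__main__":
    for flags, sig in ((0x1, bytes(128)), (0x9, b"\x5a" * 128)):
        print(hex(flags), strong_name_state(build_sample(flags, sig)))
```

Against a real build output, pass the file contents, for example strong_name_state(open(path, "rb").read()), and fail the packaging step on "delay-signed". The check only inspects the header and the signature slot; it does not validate the signature, which remains the job of strong-name verification.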

Using the Assembly Generation Tool for Delay Signing

The Assembly Generation tool (al.exe) generates an assembly with an assembly manifest from the given modules or resource files. A module is a Microsoft Intermediate Language (MSIL) file without an assembly manifest.

While generating an assembly, you can also instruct the Assembly Generation tool to sign or delay sign the assembly with the given public/private key file. When you use al.exe for delay signing, you also use the arguments listed in Table 11.1.

Table 11.1. Arguments Passed to al.exe for Delay Signing

  Argument                 Description

  <sourcefiles>            You replace <sourcefiles> with the names of one or more compiled modules that will be the parts of the resulting assembly.

  /delay[sign][+|-]        You can use either the delay argument or the delaysign argument for delay signing. The + option is used to delay sign the assembly by storing just the public key in the assembly manifest. The - option is used to fully sign an assembly with both public and private keys. If you do not use either + or -, the default value of - is assumed.

  /keyf[ile]:<filename>    You can use either keyf or keyfile to specify the key file. You replace <filename> with the name of the file that stores the key(s).

  /out:<filename>          You replace <filename> with the desired name of the output assembly file.

Assume that you want to create an assembly by linking two modules, Sample1.netmodule and Sample2.netmodule. The public key file is SamplePublicKey.snk, and the desired output assembly is SignedSample.exe. You would use the al.exe command as follows:

     al.exe Sample1.netmodule Sample2.netmodule /delaysign+ /keyfile:SamplePublicKey.snk /out:SignedSample.exe



    MCAD Developing XML Web Services and Server Components with Visual C#. NET and the. NET Framework Exam Cram 2 (Exam Cram 70-320)
    ISBN: 789728974
    EAN: 2147483647
    Year: 2002
    Pages: 179
