19.5 Creating a Strong Name Assembly

19.5 Creating a Strong Name Assembly

Technique

You first need to create a key file that contains the public and private keys that make up the strong name. You can do so from the command line using the strong name utility, sn :

 sn k KeyFile.snk 

This line creates a key file called KeyFile.snk , which contains a new randomly generated strong name. The name of the file is entirely your choice, but key files often have the extension .snk .

You can now ensure that an assembly will be signed with this strong name by placing the following line in your C# source code:

 [assembly: AssemblyKeyFile(@"C:\Keys\KeyFile.snk")] 

Note that this code presumes that you placed the key file in a folder, C:\Keys .

If you are working with a project created with VS.NET, then you'll find an empty AssemblyKeyFile attribute declared in the AssemblyInfo.cs file, so you should modify this existing attribute instead. (You'll get a compilation error if AssemblyKeyFile is declared more than once.) When a project is first created, VS.NET by default generates this code in AssemblyInfo.cs :

 [assembly: AssemblyDelaySign(false)] [assembly: AssemblyKeyFile("")] [assembly: AssemblyKeyName("")] 

This code indicates no key name or key file, so it causes the compiler to generate an assembly without a strong name.

Unless you intend to use delay signing, you should leave AssemblyDelaySign as false , and if you are using a key file, you should leave the AssemblyKeyName attribute blank:

 [assembly: AssemblyDelaySign(false)] [assembly: AssemblyKeyFile(@"C:\Keys\KeyFile.snk")] [assembly: AssemblyKeyName("")] 

An alternative technique is to actually install the key into the list of digital signatures maintained in the background by the Windows operating system's security services (more correctly, the cryptography service provider, or CSP). To do so, you can use the sn command with the /i flag once you create the key:

 sn k KeyFile.snk sn i KeyFile.snk MySampleKey 

With these commands, you first create a key file containing the strong name, then you install the strong name in the Windows CSP, giving it the name MySampleKey . Now you can have the assembly signed by amending the VS.NET-generated source code to read as follows :

 [assembly: AssemblyDelaySign(false)] [assembly: AssemblyKeyFile("")] [assembly: AssemblyKeyName("MySampleKey")] 

You have a clear choice here: You can either set the AssemblyKeyName attribute to indicate that you want the compiler to ask the CSP for the key, or you can indicate a file containing the key using the AssemblyKeyFile attribute. Setting both attributes works, but it can be a bad idea because it could be confusing to developers. (With both attributes set, the compiler asks the CSP for a key with the given name first. If that fails, it looks for the specified key file.)

Comments

A strong name is a digital signature embedded in the assembly, in a format specific to managed code and recognized by the CLR. It is a security precaution that guarantees the integrity of an assembly. Having a strong name ensures that, if any unauthorized persons who do not have access to the key file tamper with the file, it is detected by the CLR, resulting in the CLR refusing to load the file.

Giving an assembly a strong name is an essential prerequisite for installing that assembly in the global assembly cache (GAC). The CLR does not let you install an assembly into the GAC unless it has a strong name. Bear in mind, however, that simply adding a strong name does not by itself create a shared assembly. At this stage, if you follow the preceding procedure, you have a private strong-named assembly ”in other words, an assembly that happens to have a strong name but which is nevertheless a private application-specific assembly that is not installed in the GAC.