Strong Naming an Assembly: An assembly should be strongly named → this proves the integrity of the assembly and provides a means by which the assembly is uniquely identified.

 

Concept: To prove the integrity of the assembly, the hash of the assembly is first taken and then encrypted with the publisher's private key. The corresponding public key is kept in the assembly manifest along with the assembly name and the name of the hashing algorithm.

1) Generate the key pair using the sn utility (sn -k file.key)

2) Extract the public key (sn -p file.key pub.key)

3) Set delaysign = true so that the program can use the dll.

4) To push it into the GAC, use the register verification skipping option (sn -Vr dll)

 

Best Practices / checklist

 

☑ Check for the [assembly: AssemblyKeyFile(@"C:\Key\xyz.snk")] directive in the assembly.cs file.

☑ Check the size of the xyz.snk file: it should be just 160 bytes (if it contains only the public key). If it is 596 bytes, it contains both the public and private keys.

☑ Recommend delay signing the assembly while it is in Test UAT.

☑ Recommend keeping the private key in a properly ACL'd folder when re-signing the assembly for shipping into production (sn -R dll file.key).
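
The size check in the list above can be backed by a check of the file's structure. The following is an added example, not part of the original notes: it assumes the .snk contents use the CryptoAPI RSA blob layout (an RSA2 private key blob for a key pair, a 12-byte prefix plus an RSA1 public key blob for a public-key-only file) and generalizes beyond the 1024-bit case that gives 596 and 160 bytes. The function names and the all-zero sample blobs are constructed for illustration.

```python
import struct

CALG_RSA_SIGN, CALG_SHA1 = 0x2400, 0x8004   # CryptoAPI algorithm ids
PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07  # BLOBHEADER.bType values

def _rsa_blob(data, offset):
    """Parse BLOBHEADER + RSAPUBKEY at offset; return (bType, magic, bitlen) or None."""
    if len(data) < offset + 20:
        return None
    b_type, b_ver, _reserved, alg = struct.unpack_from("<BBHI", data, offset)
    magic, bitlen, _pubexp = struct.unpack_from("<4sII", data, offset + 8)
    if b_ver != 2 or alg != CALG_RSA_SIGN:
        return None
    return b_type, magic, bitlen

def classify_snk(data):
    """Return 'key-pair', 'public-only' or 'unknown' for the bytes of an .snk file."""
    # Key pair file: a bare PRIVATEKEYBLOB whose RSAPUBKEY magic is 'RSA2'.
    blob = _rsa_blob(data, 0)
    if blob and blob[0] == PRIVATEKEYBLOB and blob[1] == b"RSA2":
        n = blob[2] // 8
        # 20 header bytes + modulus + five half-size CRT values + private exponent
        if len(data) == 20 + n + 5 * (n // 2) + n:
            return "key-pair"
    # Public key file: SigAlgID, HashAlgID, cbPublicKey (12 bytes), then a
    # PUBLICKEYBLOB whose RSAPUBKEY magic is 'RSA1'.
    if len(data) >= 12:
        cb = struct.unpack_from("<III", data, 0)[2]
        blob = _rsa_blob(data, 12)
        if blob and blob[0] == PUBLICKEYBLOB and blob[1] == b"RSA1":
            if cb == len(data) - 12 == 20 + blob[2] // 8:
                return "public-only"
    return "unknown"

def make_sample(private, bits=1024):
    """Constructed sample with all-zero key material (layout only, not a real key)."""
    n = bits // 8
    rsa = struct.pack("<4sII", b"RSA2" if private else b"RSA1", bits, 65537)
    if private:
        hdr = struct.pack("<BBHI", PRIVATEKEYBLOB, 2, 0, CALG_RSA_SIGN)
        return hdr + rsa + bytes(n + 5 * (n // 2) + n)
    body = struct.pack("<BBHI", PUBLICKEYBLOB, 2, 0, CALG_RSA_SIGN) + rsa + bytes(n)
    return struct.pack("<III", CALG_RSA_SIGN, CALG_SHA1, len(body)) + body

if __name__ == "__main__":
    for name, blob in [("pub.key", make_sample(False)), ("file.key", make_sample(True))]:
        print(name, len(blob), classify_snk(blob))
```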