This question came across the internal MSBuild discussion alias today:
My development team uses project files on their desktop for development, but we build the final assemblies in our build lab. How can we strong-name sign the files in our build lab using MSBuild, while still allowing the same project files to be used on developer machines?
My initial response was to simply edit the assemblyinfo.cs files and specify the key file information there. This doesn't work, however, since the developers don't have access to the key used for signing. An alternative, though hacky solution, would be to use the Exec task to call out to sn.exe and sign the files in the AfterBuild target. However, this really is a hacked up way to do it, so we dug around for a better way.
It turns out that the signing process in the Visual Studio build was done by the deployment team. We consulted with the deployment team and it turns out they accounted for this very scenario when they added their signing support into the Microsoft.Common.targets file. To do this via the command line you need to set two properties: SignAssembly and AssemblyOriginatorKeyFile. The command line would look something like this:
msbuild myapplication.sln /p:SignAssembly=true /p:AssemblyOriginatorKeyFile=mykey.snk
[ Author: Neil Enns ]