Many managed applications start up slower than they really need to because of time spent verifying their strong name signatures. For most of these applications, the strong name verification isn't buying the application anything - especially fully trusted...

If you want to use both a strong name and Authenticode signature on your assembly (for instance if you need a strong name for strong assembly identity, and your company has a rule requiring Authenticode signatures on all shipped products), then you need...

Occasionally we run into a scenario where someone asks about shipping a strong name skip verification entry for their assembly with their product. Generally, their reasoning is that the performance hit of strong name verification is too great for their...

Last year, I explored the ins and outs of the AllowPartiallyTrustedCallersAttribute . Today, the SQL-CLR blog takes a look at how APTCA affects assemblies hosted in SQL Server 2005 databases -- recommended reading for those dealing with strong names and...

Mike Downen , our CLR security PM, wrote the CLR Inside Out column this month in MSDN Magazine on strong name signatures. He covers what strong name signatures are, what they're good for, what they're not good for, delay signing, and test signing. I just...

The IronPython team just announced their v1.0 beta 7 release , which is especially interesting to me because they’ve enabled IronPython to be signed with a test key signature. Beta 7 has four configurations, the standard Release and Debug along with...

v2.0 of the .NET Framework deprecated the use of the AssemblyKeyFileAttribute and AssemblyKeyContainerAttribute . Often times, these attributes were used to share a common key file across several projects. If you try to share key files using the Visual...

When an assembly is test signed , the public key used to verify its signature is different from the public key that makes up part of the assembly identity. So what happens when you take an assembly which is registered as a test signed assembly on your...

One enhancement to the v2.0 SN tool that may not get noticed right away is that it now has the ability to work with PKCS #12 PFX files in addition to SNK files. The logic here is that a self signed certificate stored in a PFX file is the moral equivalent...

The general concepts of Authenticode signing an assembly are well understood -- they mostly correlate directly to the standard Win32 concept of a signed catalog. However, there are a few places where managed code plays differently, and sometimes these...

One feature that will start to show up on the latest CTP of Whidbey is test key signing -- basically delay signing++. Lets do a quick review of what delay signing is , and then see where test key signing takes over. Recall a delay signed assembly is one...

Ian Huff has an entry today about the problems you'll run into when using Visual Studio Team System to profile assemblies that have a strong name signature . He walks through the steps necessary to cause Visual Studio to resign your assemblies after they...

We've already talked about using the /keyfile or /keycontainer switches to sign C# and VB assemblies instead of using the AssemblyKeyFile attribute. When dealing with C++/CLI assemblies, using these switches becomes even more important. The reasoning...

Last time I talked about reasons that you might want to strongly name your application's entry point . The most obvious reason is so that you can setup your security policy to increase the level of trust given to that assembly by the default policy. You...

Junfeng wonders why you might want to strongly name an exe . Sometimes strong naming your exe can be a very useful, but like any feature it's not necessarily always the tool you need for the job. For instance, when running a simple managed .exe off of...

The System.Security.Policy.Hash class allows you to make security decisions based upon the hash of an assembly using the HashMembershipCondition . That sounds awfully similar to how strong names are calculated ... According to ECMA partition II section...

Time for another visit to the managed strong name API; this time lets take a look at public key tokens. If we want to calculate a token, the strong name API provides two functions that we can use. We've already covered the first, StrongNameTokenFromAssemblyEx...

Finishing up this week's strong name theme, here's a few observations to make about the raw signatures that we figured out how to dump on Wednesday : You can figure out the size of the key used to sign an assembly based upon the size of the signature...

Wow ... there's been lots of interest in signatures lately :-) In response to my last post about reserving a larger section of the PE file for the signature when you create a signature with a larger key, William wants to know if you can extract the actual...

In response to last Friday's post about creating a key that's longer than 1024 bits, Nicole wondered if anyone had tried doing this, and what the results might be. I just created a 16,384 bit key on beta 1 of the framework (confirming Eugene's time estimate...

A while back, I wrote about using the StrongNameKeyGenEx API to generate keys to sign assemblies with. That API lets you pass in a dwKeySize parameter to specify the number of bits to generate in the key. If you're calling the API from your own code,...

Windows Forms has a feature that allows you to use an ActiveX control on your managed form. All you have to do is add the control to your toolbox, and VS takes care of the rest behind the scenes. But this feature has a bit of a problem when it comes to...

I've completed refactoring the Managed StrongName project , and I've uploaded the new sources. The changes I made were all pretty much what I laid out in the previous post. We now have two modules built, msn.exe which is a thin wrapper around MS.StrongName...

Looking over the Managed StrongName code for today's post, I've become dissatisfied with several things in the current code base, and I think that a bit of refactoring is in store for this project before its next addition. One of the major things is the...

(Updated 12/3/04 for code refactoring ) Before letting another two months pass, its time to once again update the managed sn.exe port . Today's update adds three modes, each of which allow extraction of a public key blob from various sources: Flag Description...