Welcome to MSDN Blogs Sign in | Join | Help

Signing Assemblies With C# in Whidbey

You may be in for a surprise when you try to rebuild your strongly named assemblies written in C# under Whidbey for the first time. If you're using the AssemblyKeyFile attribute, you'll get a warning similar to this:

signed.cs(4,11): warning CS1699: Use command line option '/keyfile' or appropriate project settings instead of 'AssemblyKeyFile'

Warning CS1699 directs you to use the C# compiler's /keyfile option to sign your assemblies, rather than using the AssemblyKeyFile attribute. Although AssemblyKeyFileAttribute will still work on Whidbey, it's recommended you move to /keyfile for several reasons.

  • AssemblyKeyFile embeds the path to the .snk file into your assembly. (For instance, if you ildasm mscorlib.dll, you can see that the machine Microsoft builds the CLR on stores the key in "E:/com99/bin/EcmaPublicKey.snk"). This kind of information disclosure is generally bad. Although it's not a direct threat, oftentimes things like server names and user names are in this path.
  • Using relative paths with the AssemblyKeyFile attribute gets confusing. When building from Visual Studio, you generally have to prefix the file with "..\..\", whereas when compiling from the command line, this is often not needed. This is because when the attribute starts looking for the key, it's actually starting from the output location.
  • It's another warning in your build. If you're treating warnings as errors, you may not even be able to finish the build until you make the change.

Fixing this for Whidbey will be relatively painless, just remove the attributes and set the compile flag in your build system. If you're using Visual Studio to build, from the project properties you can go to the new signing tab, and select the key you want to use. This page will also let you generate and password protect a new key. In addition to key files, the signing property page has options to delay sign or use a key container.

VS Whidbey Assembly Signing Tab

As a last resort, if these warnings are blocking you from getting builds out, you can temporarily disable them using code like the following:

// disable warning about using /keyfile instead of AssemblyKeyFile
#pragma warning disable 1699
[assembly:AssemblyKeyFile("test.snk")]
#pragma warning restore 1699

This change also affects key containers as well; you'll get the warning 1699 unless you switch to using the /keycontainer command line switch.

Published Thursday, April 15, 2004 5:05 PM by shawnfa
Filed under: ,

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# re: Signing Assemblies With C# in Whidbey

Thursday, April 15, 2004 9:52 PM by Michael Giagnocavo
That's a great feature!

# New and Notable 46

Monday, April 19, 2004 6:32 PM by Sam Gentile's Blog

# New and Notable 46

Monday, April 19, 2004 7:41 PM by Sam Gentile's Blog

# re: Signing Assemblies With C# in Whidbey

Saturday, May 22, 2004 8:09 AM by TeroTech.Com Ltd
Its about time Ms decided to make code signing more secure and easily maintainable, nice one Microsoft, now lets get our hands on Whidbey !!

# Hitting the Mailbag

Tuesday, December 14, 2004 4:27 PM by .Net Security Blog

# Hitting the Mailbag

Tuesday, December 14, 2004 4:29 PM by .Net Security Blog

# Don't Sign C++/CLI Assemblies with Attributes

Thursday, July 14, 2005 5:46 PM by .Net Security Blog
We've already talked about using the /keyfile or /keycontainer switches to sign C# and VB assemblies...

# re: Signing Assemblies With C# in Whidbey

Friday, July 29, 2005 5:06 AM by Derek Wilson
Am I missing something here?

I understand that this mechanism is a better idea than using the old attributes however I am using VS2005 Beta 2 and the project properties sheet does not have a UI for the KeyContainer. It does have a UI for the KeyFile but I really do not want the keyfile copied around to every project.

How can I set /keycontainer switch from the UI in VS2005 Beta2?

# re: Signing Assemblies With C# in Whidbey

Saturday, October 01, 2005 7:43 PM by Morten Mertner
I'm having the same problem as Derek, and frankly, can't understand why having the key in the CSP should cause a warning to be emitted (the whole KeyFile concept with relative paths was broken, but referencing the CSP seems a lot better than having to hand-compile my projects using /keycontainer or /keyfile).

Can I at least hand-edit my project files to support this? Anyone? :)

# re: Signing Assemblies With C# in Whidbey

Sunday, October 02, 2005 6:17 PM by Morten Mertner
Ok, figured it out: Adding <Container>yada</Container> within the <AssemblyKeyContainer> tag works and VS no longer complains while compiling..

# re: Signing Assemblies With C# in Whidbey

Sunday, November 06, 2005 4:48 PM by Richard Grimes
I understand the information disclosure issue, and that using the command line switches will fix it. What I don't understand is why the compiler adds the custom attribute metadata to the assembly. The [AssemblyKeyFile] attribute is a message to the compiler, it is not used by the runtime and AFAIK no user code uses it, so why did the compiler writers add it to the assembly as metadata? I think a simpler solution would have been to prevent the generation of the metadata

# re: Signing Assemblies With C# in Whidbey

Wednesday, December 07, 2005 8:33 PM by .
What are the pros and cons, tradeoffs
between compile options keycontainer and keyfile (formerly attributes AssemblyKeyName and AssemblyKeyFile)?

Also why does VS2005 only provide support for keyfile, but not for keycontainer?

Thanks.

# re: Signing Assemblies With C# in Whidbey

Wednesday, December 28, 2005 2:20 AM by Jason Goemaat
Richard, the compiler adds the custom attribute metadata to the assembly because that is how other custom attributes work as well. You can even create your own custom attributes and use them, then their data will be there (create a class that extends from 'System.Attribute' and add it to the AssemblyInfo.cs file '[assembly: MySignatureAttribute("Jason was here!")]'). I don't think these should have ever been made into custom attributes to start with for this reason, they are really to tell the compiler where to find the file.

# I can&#8217;t remember where I read it&#8230;. &raquo; Sharing Strong Name Keys Across Multiple Projects In VS2005

Wednesday, June 21, 2006 7:30 PM by I can’t remember where I read it…. » Sharing Strong Name Keys Across Multiple Projects In VS2005
PingBack from http://www.adrianbanks.co.uk/?p=17

# Windows Live Writer

Monday, August 14, 2006 1:46 PM by Erwyn van der Meer
Microsoft has released a beta version of a new blog authoring tool called Windows Live Writer . I've

# Signing Assembly Tricks

Friday, October 20, 2006 3:13 PM by DaveZ's TFS Tome

One of the early frustrating features of 2005 initially was the deprecated ability to specify where your

Leave a Comment

(required) 
required 
(required) 
 
Page view tracker