Does an assembly's signature need to be authenticatable?
https://stackoverflow.com/questions/10482398
-
06-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianسؤال
From what I've seen on the internet – it doesn't. (I'm referring to strong name signing of an assembly, not to certificates by certificate authorities) Which leads me to these questions:
- Why have date stamping for it?
- Do I have to keep the keys with which it was signed or can I simply create a key pair (sn –k), sign, and delete it?
المحلول
Terms like "date stamping" and "authenticatable" only apply to code signing. A strong name is entirely different, it doesn't prove the identity of the signer. It merely allows verifying that the content of the assembly wasn't modified from the version that was used to build the program by somebody that doesn't have the private key.
A strong name isn't verified in full trust mode since .NET 3.5 SP1. A policy that you can override with a .config file and the <bypassTrustedAppStrongNames> element. MSDN article is here.
You certainly want to keep the .snk file around. You won't be able to deploy bug fixes for a particular assembly if you throw it away.
