benefit of signing dll with strong name

StackOverflow https://stackoverflow.com/questions/8392040

Question

I have a c# solution that contains multiple c# class libraries. I am being doing some research recently and it is suggested that the outputted assemblies from my libraries should be signed, making them signed with a strong name. Firstly I am wondering if it is best that I progress with such? The libraries that outputted from these class libraries are used in multiple other projects.

If it is advised from my previous question that yes I should sign my dll's, the .snk I use, can this be used for each of the class libraries in the solution? Or must it be one key per class library?

Was it helpful?

Solution

Sometimes signing an assembly is a requirement. This is true if you wish to GAC your assembly, or if a signed assembly wants to reference another assembly.

You can reuse the same .snk file, and doing so will result in the same Public Key Token for all assemblies.

OTHER TIPS

It's essential if you intend to put the assembly in the GAC for use by a large number of assemblies.

It's advantageous if you are going to give it to users to make use of rather than install yourself, since it offers a degree of reassurance that it really is the file you said you were giving them, rather than one tampered with.

It's good to use use few (perhaps just one) SNK files per entity (individual, collective, open-source group, or company) because if someone trusts you (whether "you" means individual, company, etc) and they therefore trust a public key they are sure is yours, then they will trust it the next time too. You wouldn't want to sign cheques with a different hand-written signature each time, would you?

Signing the dll is the requirement for publishing your dll in GAC. The real benefits of the dll signing is as below.

1. Versioning

2. Authentication

a. Versioning denotes what version the dll has been build on and while pushing them into GAC two dll with same name can exists but different version

b. Authentication denotes whether the dll is not tampered and does exists the same when it was created.

Detailed blog on dll signing is available here

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top