Frans Bouma's blog

Generator.CreateCoolTool();

Syndication

News

    Visit LLBLGen Pro's website

    Follow FransBouma on Twitter

    Add to Technorati Favorites

About me

Fun stuff I created

My work

Signing your assembly, newbie guide

Follow these easy steps. The first 4 steps you only have to do ONCE in your life. Step 5-7 you only have to do ONCE per project.

  1. Open a command prompt
  2. Type vsvars32.bat (enter) or navigate to the .NET bin dir
  3. Type: sn -k mykey.key (enter)
  4. Move mykey.key to a folder where it gets backupped daily, for example: c:\myfiles\keys\
  5. Open your code's solution in Visual Studio.NET
  6. Open the AssemblyInfo class in the editor
  7. For the attribute AssemblyKeyFile(), specify instead of the default "", the full path of your key, in our example this is "c:\myfiles\keys\mykey.key", so the attribute in full will be:
    C#: [assembly: AssemblyKeyFile("c:\\myfiles\\keys\\mykey.key")]
    VB.NET: <Assembly: AssemblyKeyFile("c:\myfiles\keys\mykey.key")>
  8. Compile your solution. After compilation, your assembly is signed with your strong key.
  9. To congratulate yourself with this big achievement, walk to the fridge and pop open a fresh Heineken.

*Pfew* I have to lay down now to take some rest after this long, thorough lecture. Sorry people, but you don't need a plugin which requires registration to do this easy stuff. If you can program software, you can sign your assembly. If not, what are you doing near that keyboard? ;)

The signed assembly can be freely distributed to your clients/customers. They can reference it in their .NET projects without having to worry about public keys, public tokens or other hard to understand material. The world is already very complex, let's not make the easy stuff look like it's very complex also.

Update: Thanks to 'Prima Donna' Robert Mclaws for pointing to a typo in the title.

Kereltje, zodra jij zo goed Nederlands lult als ik Engels, heb je recht van spreken.

Published Tuesday, December 23, 2003 3:00 PM by FransBouma

Filed under:

Comments

# re: Tool: The complete idiot's add-in for signing your assemblies with a strong name@ Tuesday, December 23, 2003 3:21 AM

TrackBack

# Tool: The complete idiot's add-in for signing your assemblies with a strong name@ Tuesday, December 23, 2003 3:30 AM

TrackBack

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:09 AM

This is groovy. I've been wanting to look this up for a while but I've been too lazy. "Signing your component for dummies."

Scott

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:12 AM

Excellent. I was thinking the same thing the other day when I read our infamous know-it-all saying how hard it was to do. :)

Paul Wilson

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:12 AM

Heh, I wouldn't expect anything else than lazyness from a person from lazycoder.com :D ;)

Frans Bouma

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:13 AM

You no longer have to register to download my tool. Thanks for the plug.

Robert McLaws

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:15 AM

Not every bad publicity is 'good', Robert. (and why is my comment removed from the commentslist under your tool? Tssk.. censorship... )

Frans Bouma

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:26 AM

Yes. It's easy, but why the heck not use a plugin? Why not make life easier? is that such a bad thing? Sure, I *could* write property getters and setters manually if I *wanted* to, but I use CodeSmart so make it fast and simple. Is that bad as well?

Roy Osherove

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:26 AM

LOL, I was thinking about the same when I read the huge announcement.


Nice job, do I have to register in the future to read your blog ;-) ?

Peter de Boer

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:28 AM

Thank you Frans!!!

Ugh. I really don't like that ( I do like this).

It had seemed so simple to sign my assembly, just like the steps above but with a key per project.

No thank you Robert.
There I was, left with this sinking feeling, that I had left out something, that this simple task was much larger than what I understood.

AndrewSeven

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:31 AM

Peter: just subscribe to the RSS feed in your RSS reader, no registration required ;)

Roy: plugins can be buggy, can mess up your code, can crash the IDE, can corrupt files and more. And that for just 1 line of code. :D

I don't use any plugins anymore, after I wrote some macros to create regions and properties. I know these will work without hassle. But thats choice. If you want to use a plugin for 1 line of code that is always the same in every project you create, go ahead, it's a free world (for some).

Frans Bouma

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:35 AM

Using plugin for adding key file name to AssemblyInfo class????
LOL!

btw, first two steps could be replaced by
1. Run Start/Programs/Microsoft Visual Studio .NET (2003)/Visual Stuio .NET Tools/Visual Studio .NET (2003) Command Prompt

Oleg Tkachenko

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:38 AM

Ah good one, Oleg :) The less steps, the better :)

Frans Bouma

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:39 AM

Just to play devil's advocate here, A macro is the same as a plugin for this discussion. It makes your life simpler. Regardless of the usefulness of Robert's plugin, You can't disregard "simple life mechanisms" so easily, can you? Sure, for one line of code it would seem a bit too much, but that's not usually the case.

Roy Osherove

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 9:46 AM

Roy,

it's not really the fact someone creates a plugin, it's more the fact there's made a *huge* announcement for a solution to a problem while there is no problem. It's really not a big deal to sign an assembly.

What would you say when I created a plugin that for example adds the statement "using system.data" to the top of my page? Basically that's what it does.

Peter de Boer

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 10:34 AM

It is all interesting but Carl Franklin created a tool to generate key file then the only thing you need to do is to make changes to your Assebly Attributes :)

http://www.franklins.net/dotnet/snutil.zip

www.ipattern.com (do you?)

Maxim V. Karpov

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 10:39 AM

Hi Frans,

This might work if you're the only developer on a project. But if your dev team has more than one developer, you *must* keep your secret key secret. This means that the developers shall not have the private key, but only the public key and use "Delay Sign" as described in this MSDN article. The GAC hassome special mode for skipping signature verification that has also to be used by developers during coding and testing. Then after, before burning the CDs, the assemblies have to be resigned by the "security officer", the only person in the company who should have access to the private key. Here's the link to the MSDN article:
http://msdn.microsoft.com/netframework/default.aspx?pull=/library/en-us/dnnetsec/html/strongNames.asp

Hope this Helps!

Christophe Lauer

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 10:45 AM

Maxim: you mean a wrapper around sn -k? :)

Christophe: good point. Although I think if you don't have a security officer it's not that big of a deal, but if you do, then indeed the developer should use delayed signing described in your article.

The fuzz here was more about a big announcement of a plugin to do something very simple :) The philosophy behind signing assemblies, (when to sign, when not to sign), installing in GAC or not, is a big subject, however if you've decided to do so (for example to be sure signed applications can use your assembly), the steps to sign the work are very easy :)

Frans Bouma

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 11:20 AM

I dont even see why this is a big deal, the process takes all of 30 seconds and is extremely simply...?

Joe Coder

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 12:43 PM

I agree with Frans and Joe Coder. For gosh sakes this is so frigging basic and it takes all of 30 seconds. This is chapter 1 of Richter for gosh sakes. How can anyone do aything in .NET if they don't know the most basic things like this? You don't need an add-in to do this as it is uncommenting two lines in AssemblyInfo.

Sam Gentile

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 4:28 PM

You guys are all primadonnas. The first part of my post said I had 30 e-mails in three days saying that people didn't know what it was. OBVIOUSLY there was a need for it SOMEWHERE, or I wouldn't have done it. Buy you guys are all so friggin brilliant... that's why it wasn't written for you, or the 2000-some-odd people that understand it. It was written for the 6 MILLION other .NET developers who are just getting started in .NET, and don't get it. Not everyone is as smart as you are.

And BTW, It's not Chapter 1 of Richter. The VB.NET Security Book does not cover it until Chapter 10. And the fact that you think the problem is as simple as one line of code, means you don't REALLY understand what's going on under the covers.

And in regards to the add-in not dealing with delay-signing... most shops can't even understand regular signing... to them, delay signing is next to impossible. You have to start somewhere.

Developers look up to you guys for advice, for leadership. Is this being a leader? Leaders don't tear people down. When you post blatantly negative attacks on someone, it makes other people not want to be a part of this community.

Speaking of starting somewhere, I think you all forgot where you started. There was a time once where you didn't know what strong-name signing was either (it wasn't that long ago, since it came around with the Framework). I doubt anyone derided you for being stupid and not knowing how you did it. Sam, you just single-handedly insulted 6 Million VB.NET developers who don't get the same signing comments that are in the AswsemblyInfo.vb file. Are you calling them stupid?

Robert McLaws

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 4:32 PM

Almost forgot. Singing your assembly, huh? I like singing songs, personally, but i can see how singing an assembly can be fun too.

Robert McLaws

# re: Singing your assembly, newbie guide@ Tuesday, December 23, 2003 4:42 PM

It is on Page 90 of Richter. I, unlike a lot of those programmers, started 3 years afo with just the framwork and an editor and figured it out. I also started with Richter. If people would just read the damn book and understand the basics before playing with things like ASP.NET they wouldn't have these issues over and over. I do understand signing fully, I don't know what you are doing with your controls that is different from hundreds of others that don't have the issues you have. And don't call me a prima donna. If its anyone who hasn't earned their place but touts their own horn every frigging second, its you. I have stayed out of this for far too long. I dind't post anything when all those people attacked you but you just don't listen to the advice that Frans and people gave you. You constantly come off as the gift to the world and making asine statements like "done more in 21 years than anyone has in 40." Its that kind of thing that pisses people off and does what Jim McCarthy calls "flipping the bozo bit" and having people stop listening to what you have to say. You can rant all you want. It is a matter of a command or uncommenting out 2 commented out lines in the AssemblyInfo. I have been doing this for 3 years and it takes 30 seconds. If you want to blow it up to epic scale like you do with all your "announcements" knock yourself out. I still maintain that its very basic and that anyone that does not know the basics of assemblies (ala Richter Chapters 1-3) will have a near impossible time programming .NET. VB can try to hide everything away from people but in the end you just have to know what you are doing. Fundamentals.
As to your last asertion that I single-handly insulted 6 million programmers, you are sounding more riducolous every time you post. You saying wild things like this just makes you look bad.

Sam Gentile

# re: Signing your assembly, newbie guide@ Tuesday, December 23, 2003 5:00 PM

The first thing I learned as well when I started .Net (and I started with notepad, MSDN, and Richter) was how to sign and delay-sign an assembly. The assembly, and how it works, how to use it, etc. is fundamental to understanding .Net.

I understand the reason you felt you needed to create the tool, but I disagree that it was necessary to create a tool when a simple explanation like Frans' would have sufficed. If the comments are not available in VB.Net (as it is in C#, which Sam and I use daily), then I would have answered those 30 emails you mentioned with a blog post explaining the issues. It helps produce better developers who understand why, rather than run another wizard and still have no idea what's going on.

Working with Sam day-in and day-out, I see that it is ingrained in him that developers understand "why" more than "what". He is not a "prima-donna", as he devotes hours of his time helping this client among many others in the .Net community to understand how .Net works. Sam was not trying to insult the 6 million developers -- instead, he was trying to help them understand why things work the way they do in .Net. Even the VB.Net Security book you mention (by Eric Lippert) goes through many details from the front-end to explain to the VB.Net developer why security is the way it is in .Net. He does all of that without running a single wizard. He mentions nothing about VB.Net because its immaterial to understanding the fundamental principles of .Net.

Robert Hurlbut

# re: Signing your assembly, newbie guide@ Tuesday, December 23, 2003 8:24 PM

Can I just skip to Step 9 and repeat it a few times?

Shannon J Hager

# re: Signing your assembly, newbie guide@ Wednesday, December 24, 2003 2:26 AM

@Robert: come on man, pointing out a typo from someone who's native language is not English??

It just shows you can't beat him on arguments.

I'd like to see you post in Dutch, and I promise I won't point out any typo if I can just understand what it's about.


[offtopic]
LOL @ Shannon :)

Peter de Boer

# re: Signing your assembly, newbie guide@ Wednesday, December 24, 2003 4:19 AM

Shannon: hehehe :) You could of course do that, but my experiences are that, if you take step 9 too many times, it's adviced not to take any of the previous steps after that ;)

Frans Bouma

# re: Signing your assembly, newbie guide@ Wednesday, December 24, 2003 4:19 AM

WARNING to mr. McLaws: do not ever post a reply to my blogs again. EVER.

Frans Bouma

# re: Signing your assembly, newbie guide@ Wednesday, December 24, 2003 6:45 AM

Peter:

"What would you say when I created a plugin that for example adds the statement "using system.data" to the top of my page? Basically that's what it does. "


If I remember correctly there a a very cool plugin somewhere that allows you to automatically add missing import (using) statements to your file when you forget to add the. Something like, you time Thread, mark the work and make the shortcut keys, and the using System.Threading line appears automagically. simple, time saving, and yes, does not take a genius to figure out. Still, iot's a wonderfull time saving plugin. I would not call such as plugin useless.

Roy Osherove

# re: Signing your assembly, newbie guide@ Wednesday, December 24, 2003 8:28 AM

Ugh, my typos are only enhanced on a norwegian keyboard, as my last comment would show..
I meant to say that you highlight the word "thread" and activate the plugin, to automatically have a "using System.Threading" line added to your code.
Hope that's more understandable.

Roy Osherove

# re: Signing your assembly, newbie guide@ Wednesday, December 24, 2003 8:33 AM

I found my friend Keith Brown's article on strong names to be the *best* thing I have read in 3 years on the subject. Check it out http://msdn.microsoft.com/netframework/?pull=/library/en-us/dnnetsec/html/strongNames.asp

I blogged it http://samgentile.com/blog/archive/2003/12/12/10883.aspx

HTH

Sam Gentile

# Dewayne Mikkelson and his Radio WebDog, Shadow@ Wednesday, December 24, 2003 8:40 AM

Dewayne Mikkelson and his Radio WebDog, Shadow

TrackBack

# re: Signing your assembly, newbie guide@ Thursday, December 25, 2003 3:12 PM

Damn, you nitwits!
Arguing about whether or not to write an add-in...
BE HAPPY that you're all .NET coders!
I still have to experience the terror of Java, ever tried to sign a JAR file?!? you need an entire tool for that! a plugin isn't even sufficient :P
We're gonna switch to .NET soon :D

But plz guys, don't argue about something so ignorant... both solutions are good :) surely a user can decide whether or not to use an add-in...

Greetz,
-- Rob.

En ja, hij had in inderdaad zijn bek moeten houden over spellingsfouten ;)

Rob Tillie