Recently, I was asked what a “Strong Name” is? And why we need a signed build?
Now, I’m going to talk about this concept, not only because I was asked, but also we had the “Strong Name” issue in our automation tests.
(The issue is that our unsigned automation tests running on signed products.)
So, before each topic, some guys may have below concerns,
1. What’s a Strong Name?
2. Why Microsoft involved this concept?
3. How we used this functionality?
Don’t worry, my answers are coming.
What’s “Strong Name” assembly?
1. A “Strong Named” assembly is the same as “Weakly Named” assembly, with following information in it: PE file format, PE32(+), CLR header, metadata, manifest, IL.
2. A “Strong Named” assembly is made up by “Name”, "Version”, "Culture” and “Public Key”, it not only used for unique identify an assembly, but also used for avoiding the version control problem. (Actually, MS is considering deprecate “Weakly Named” assembly.)
3. For the public key, actually .NET use “Public key/Private key” pairs to identify one assembly. Also please note, generally a “Public Key Token” will be used in order to replace the “Public Key”, because the “Public Key” is so large, so use one small hash value derived from it would be more convenience for developers.
Why use “Strong Named” assembly?
1. As a little described in above category, it’s used for unique identifying an assembly to avoid the version control issue(DLL hole).
2. A dll hole is that, Company A published one assembly called “ASM_01”, Company B also published one assembly with the same “ASM_01”. A published it first, and a user installed this assembly(dll), and later B also published the same assembly. Because both the dlls have the same name, so the later dll replaced the pervious one. So that the A software will no longer to work. That’s the dll hole.)
How to use it?
1. Create a VB/C#/F# .net application.
2. See below picture.
3. Click “ Choose a strong name key file:” drop-down list.
4. Click “New” menu item.
5. Type a name in the pop-up dialog. You can either check/uncheck the “Protect my key file with a password” check-box.
6. After clicked “OK” to dismiss the dialog, build your project. And now, your assembly is sighed with a strong name.
SN.exe
SN.exe is a useful tool that contained in Visual Studio 2010 SDK.(SN = Strong Name)
1. Sn.exe –k MyAssembly.snk. Use this CMD line exe to generate a public/private key pairs.
2. Sn.exe –p MyAssembly.PublicKey. Use this switch “-p” to generate a “PublicKey” file, so that you can use following command to view the public key.
3. Sn.exe –tp MyAssembly.PublicKey. By using this “-tp” switch, you will definitely view the very large digital of the public key.