Return to
HomePageASPNET2SecurityFAQs
Question: How do I Sign .Net assemblies with Authenticode signature?
Answer:
Use File Signing Tool (Signcode.exe) available with .Net Framework Tools. The File Signing tool signs a portable executable (PE) file (.dll or .exe file) with an Authenticode digital signature. You can sign either an assembly or an individual file contained in a multifile assembly. If you are distributing an assembly, you should sign the assembly rather than the individual files.
Strong naming an assembly the private key used to sign the assembly is a unique for each organization, it does not provide the same level of non-repudiation that digital certificates provide. For example, there is no way to look up the developer's identity based solely on an assembly's public key. Hence it’s important to strong name and assembly and signs the .Net assemblies with Authenticode signatures.
Here are is how you sign the assemblies with Authenticode signature. Using Visual Studio command prompt run following command from following location
C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Deployment\Vspkgs
>signcode /spc myCertificate.spc /v myKey.pvk myAssembly
To sign with a software publisher certificate (SPC) file, you must specify the ""-spc"" and ""-v"" options if your private key is in a PVK file. If your private key is in a registry key container, you must specify the ""-spc"" and ""-k"" options.
You can obtain a valid SPC from a Certification Authority such as
VeriSign or Thawte
Return to
HomePageASPNET2SecurityFAQs
Channel 9: Fishbowl for Facebook
Channel 10: Microsoft Teams Up with Nielsen
TechNet Edge: IT Pro Momentum y Evidencias
