How To: Specify strong name signing for your assemblies on the command line


This question came across the internal MSBuild discussion alias today:


My development team uses project files on their desktop for development, but we build the final assemblies in our build lab. How can we strong-name sign the files in our build lab using MSBuild, while still allowing the same project files to be used on developer machines?

My initial response was to simply edit the assemblyinfo.cs files and specify the key file information there. This doesn't work, however, since the developers don't have access to the key used for signing. An alternative, though hacky, solution would be to use the Exec task to call out to sn.exe and sign the files in the AfterBuild target. That really is a hack, though, so we dug around for a better way.


It turns out that the signing process in the Visual Studio build was done by the deployment team. We consulted with them, and they had accounted for this very scenario when they added their signing support to the Microsoft.Common.targets file. To sign from the command line, you need to set two properties: SignAssembly and AssemblyOriginatorKeyFile. The command line would look something like this:


msbuild myapplication.sln /p:SignAssembly=true /p:AssemblyOriginatorKeyFile=mykey.snk
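
A build-lab wrapper around the command above, added here as an illustration and not part of the original post: it passes the two properties with an absolute key path, then checks that every managed binary in the output carries the expected public key token and passes sn.exe verification. The paths, the Release configuration and the token placeholder are assumptions, and msbuild and sn.exe are assumed to be on PATH.

```powershell
# Added example: all default paths and the token value are placeholders.
param(
    [string]$Solution      = 'myapplication.sln',
    [string]$KeyFile       = 'C:\BuildLab\keys\mykey.snk',  # hypothetical lab-only location
    [string]$OutputDir     = '.\bin\Release',               # hypothetical output folder
    [string]$ExpectedToken = '<EXPECTED-PUBLIC-KEY-TOKEN>'  # placeholder: 16 hex characters
)
$ErrorActionPreference = 'Stop'

# Resolve to an absolute path so every project in the solution finds the same key file.
$key = (Resolve-Path -LiteralPath $KeyFile).Path

& msbuild $Solution /p:Configuration=Release /p:SignAssembly=true "/p:AssemblyOriginatorKeyFile=$key"
if ($LASTEXITCODE -ne 0) { throw "msbuild failed with exit code $LASTEXITCODE" }

$failures = @()
foreach ($file in Get-ChildItem -Path $OutputDir -Recurse -Include *.dll, *.exe) {
    try {
        $name = [System.Reflection.AssemblyName]::GetAssemblyName($file.FullName)
    } catch {
        # Native binaries are not managed assemblies; skip them, rethrow anything else.
        if ($_.Exception.GetBaseException() -is [System.BadImageFormatException]) { continue }
        throw
    }

    # An unsigned assembly has no public key token at all.
    $bytes = $name.GetPublicKeyToken()
    $token = if ($bytes) { -join ($bytes | ForEach-Object { $_.ToString('x2') }) } else { '' }
    if ($token -ne $ExpectedToken.ToLowerInvariant()) {
        $failures += "$($file.Name): token '$token' does not match the expected key"
        continue
    }

    # -vf verifies the signature itself; a delay-signed assembly has the token but fails here.
    & sn.exe -q -vf $file.FullName
    if ($LASTEXITCODE -ne 0) { $failures += "$($file.Name): strong name signature did not verify" }
}

if ($failures.Count -gt 0) {
    $failures | ForEach-Object { Write-Error $_ -ErrorAction Continue }
    exit 1
}
Write-Host 'All managed assemblies are signed with the expected key.'
```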


[ Author: Neil Enns ]

Comments (8)

  1. JohnL says:

    Does the .snk file need a path?

    I know when the AssemblyKeyFile flag is specified, you need to add a path because the al command is executed in the bin\Debug directory.

  2. ArtInAct says:

    In the IDE we specify not only the key file but a password as well. How do you do it with MSBuild?

  3. tim johnson says:

    If anyone else is looking, here is what is needed for delay-signing:

    /p:SignAssembly=true /p:AssemblyOriginatorKeyFile="mykey.snk" /p:DelaySign=true

  4. Brett Ryan says:

    I second ArtInAct’s question, how do you specify the password?

    We have just set up our continuous build server but the server needs to know the password in order to sign the assemblies.

  5. Craig salon software says:

    hi,

    just to freshen this a little,

    as a long term user of strong naming I just dropped it as

    there is a more advanced technique called anti tamper

    obfuscators have this e.g. Confuser's anti tamper feature.

    purports to be better than strong naming

    it's still a young tool but I've moved to it instead.

    HTH

    Craig salon software

    http://www.salonsoftwaresystem.com

  6. granadaCoder says:

    Thanks "tim johnson" for the delay signing tip.
