Generating Larger Keys with SN

A while back, I wrote about using the StrongNameKeyGenEx API to generate keys to sign assemblies with.  That API lets you pass in a dwKeySize parameter to specify the number of bits to generate in the key.  If you're calling the API from your own code, that's great, but what if you're using the sn.exe tool?

With Whidbey, you can use SN to generate keys of different sizes.  The -k flag takes a key size option as its first parameter. So you could do:

sn -k 2048 largekey.snk

And get a 2048 bit key.  If the key size is not specified, it defaults to 1024 bits, the same as the v1.0 and v1.1 versions of SN produce.  Not all key sizes are valid, you'll need to pick a valid size for an RSA key.  So for instance

sn -k 2105 invalidKey.snk

Will result in:

Failed to generate a strong name key pair -- Invalid flags specified.

Of course if you specify a key too large, SN will take a long time to generate it.  In fact, our test lead once tried to generate a key of 16,384 bits (which is the maximum supported size).  It took just over an hour to do, so it's probably best to stay with 1024 or 2048 bit keys for a while.  :-)

Once you've generated the key, you use it in the same way that you would use any key.  Just pass it as a /keyfile: parameter to your compiler of choice, and everything should work as normal.

It's interesting to note that no matter what size key you use to sign your assembly, the public key token will remain eight bytes long.