What Happens When You Sign With A Larger Key

In response to last Friday's post about creating a key that's longer than 1024 bits, Nicole wondered if anyone had tried doing this, and what the results might be.

I just created a 16,384-bit key on beta 1 of the framework (confirming Eugene's time estimate from Friday, this did take just over an hour). Then I signed a simple HelloWorld application with both a standard 1024-bit key and this new larger key.

To find the signature, we need to look at the StrongNameSignature field of the IMAGE_COR20_HEADER structure (which you can find in either winnt.h of the Windows Platform SDK or in corhdr.h of the .NET Framework SDK). Checking this field on both files shows:

Key Size     Signature Size
1024 bit     128 bytes
16384 bit    2048 bytes

So, when you sign with a bigger key, the compiler just allocates a larger area in the PE file for the signature to be stored. Without digging into the PE file, you can also find the public key of the assembly by running ILDasm on it and noticing that the key is much bigger than it would be if the assembly had been signed with a standard-size key.
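
The StrongNameSignature lookup described above, as an added example (not code from the original post): it walks the PE headers to the CLR data directory, maps the RVA to a file offset, and reads the StrongNameSignature RVA and size from IMAGE_COR20_HEADER. The function names are hypothetical, and `build_sample` produces a constructed, minimal PE32 layout rather than a real signed assembly, so the script runs without a compiler or key pair.

```python
import struct

CLR_DIRECTORY_INDEX = 14   # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
STRONG_NAME_OFFSET = 32    # StrongNameSignature within IMAGE_COR20_HEADER

def strong_name_signature(pe: bytes):
    """Return (rva, size) of StrongNameSignature, or None for a native image."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)           # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", pe, nt + 6)
    (opt_size,) = struct.unpack_from("<H", pe, nt + 20)
    opt = nt + 24                                        # start of optional header
    (magic,) = struct.unpack_from("<H", pe, opt)
    dirs = opt + (112 if magic == 0x20B else 96)         # PE32+ vs PE32
    (n_dirs,) = struct.unpack_from("<I", pe, dirs - 4)   # NumberOfRvaAndSizes
    if n_dirs <= CLR_DIRECTORY_INDEX:
        return None
    clr_rva, _ = struct.unpack_from("<II", pe, dirs + 8 * CLR_DIRECTORY_INDEX)
    if clr_rva == 0:
        return None                                      # no CLR header present
    for i in range(n_sections):                          # map RVA to file offset
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
        if va <= clr_rva < va + max(vsize, rawsize):
            return struct.unpack_from("<II", pe, clr_rva - va + rawptr + STRONG_NAME_OFFSET)
    raise ValueError("CLR header RVA is not inside any section")

def build_sample(sig_size: int) -> bytes:
    """Constructed minimal PE32 layout (not a loadable assembly) for the demo."""
    cor20 = bytearray(72)
    struct.pack_into("<I", cor20, 0, 72)                                  # cb
    struct.pack_into("<II", cor20, STRONG_NAME_OFFSET, 0x2000 + 72, sig_size)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                                   # 16 data directories
    struct.pack_into("<II", opt, 96 + 8 * CLR_DIRECTORY_INDEX, 0x2000, 72)
    body = bytes(cor20) + bytes(sig_size)                                 # header + blank signature
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x2)
    sect = struct.pack("<8sIIII16x", b".text", len(body), 0x2000, len(body), 0x200)
    head = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return head.ljust(0x200, b"\0") + body

if __name__ == "__main__":
    for bits in (1024, 16384):   # signature area is key size / 8 bytes, as in the table
        print(bits, strong_name_signature(build_sample(bits // 8)))
```

Pointed at a real assembly's bytes, `strong_name_signature` returns the same size values shown in the table above.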