Bypassing the Authenticode Signature Check on Startup

A while back I wrote about the performance penalty of loading an assembly with an Authenticode signature. The CLR attempts to verify the signature at load time in order to generate Publisher evidence for the assembly. However, by default most applications don't need Publisher evidence. Standard CAS policy does not rely on the PublisherMembershipCondition, so unless your application will run on a machine with custom CAS policy modifications, or intends to satisfy demands for PublisherIdentityPermission (keeping in mind that FullTrust means FullTrust in v2.0 of the framework), this is wasted startup cost that you can do without.

Obviously, if you know your application doesn't need Publisher evidence, you won't want to pay the cost of having the signature verified. If you download the Orcas Beta 1 bits, you'll be able to take advantage of a runtime feature that disables this signature verification. Your application can now opt out of Authenticode signature verification, which means the time to load each assembly will improve (and startup time will therefore improve if your entry point assembly has an Authenticode signature). The tradeoff, of course, is that assemblies will no longer receive Publisher evidence or PublisherIdentityPermission. Applications that wish to take advantage of this can add the following to their .exe.config file:

 <configuration>
     <runtime>
         <generatePublisherEvidence enabled="false"/>
     </runtime>
 </configuration>

This setting prevents the CLR from verifying the Authenticode signatures of any assembly loaded by the application.
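
On a machine whose CAS policy does depend on Publisher evidence, it helps to know which applications have opted out. The following audit sketch is an added example, not code from the original post or from the CLR; the sample configs, function names and status labels are constructed for illustration, and case-insensitive matching of the attribute value is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample .exe.config contents (not from any real application).
SAMPLES = {
    "optout.exe.config": """<configuration>
  <runtime>
    <generatePublisherEvidence enabled="false"/>
  </runtime>
</configuration>""",
    "explicit.exe.config": """<configuration>
  <runtime>
    <generatePublisherEvidence enabled="true"/>
  </runtime>
</configuration>""",
    "default.exe.config": """<configuration>
  <runtime/>
</configuration>""",
    "broken.exe.config": "<configuration><runtime>",
}


def publisher_evidence_status(config_xml):
    """Classify one config as 'skipped', 'verified' or 'unparseable'."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        # Report damaged files separately instead of guessing their intent.
        return "unparseable"
    # The page places the element under <configuration>/<runtime>.
    node = root.find("runtime/generatePublisherEvidence")
    if node is None:
        # Element absent: default behaviour, the signature is checked at load.
        return "verified"
    # Assumption: the attribute value is matched case-insensitively.
    value = node.get("enabled", "true").strip().lower()
    return "skipped" if value == "false" else "verified"


def audit(configs):
    """Map each config name to its status so opt-outs can be reviewed."""
    return {name: publisher_evidence_status(text) for name, text in configs.items()}


if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLES).items()):
        print(f"{status:12} {name}")
```

Applications reported as `skipped` load their assemblies without Publisher evidence, so any policy keyed on PublisherMembershipCondition will not match them.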