Strong Name Bypass

Many managed applications start up slower than they really need to because of time spent verifying their strong name signatures.  For most of these applications, the strong name verification isn’t buying the application anything – especially fully trusted desktop applications that are using C# as a better C++. Since these applications were paying the cost…


Combining Strong Names with Authenticode

If you want to use both a strong name and Authenticode signature on your assembly (for instance if you need a strong name for strong assembly identity, and your company has a rule requiring Authenticode signatures on all shipped products), then you need to make sure to do these in a specific order. Strong name…


Reducing Startup Time Due To Strong Name Verification

Occasionally we run into a scenario where someone asks about shipping a strong name skip verification entry for their assembly with their product. Generally, their reasoning is that the performance hit of strong name verification is too great for their application. Regardless of the reasoning, you should never ship a skip verification entry. The strong…


APTCA and SQL Server 2005

Last year, I explored the ins and outs of the AllowPartiallyTrustedCallersAttribute.  Today, the SQL-CLR blog takes a look at how APTCA affects assemblies hosted in SQL Server 2005 databases — recommended reading for those dealing with strong names and SQL Server.


CLR Inside Out: Using Strong Name Signatures

Mike Downen, our CLR security PM, wrote the CLR Inside Out column this month in MSDN Magazine on strong name signatures.  He covers what strong name signatures are, what they’re good for, what they’re not good for, delay signing, and test signing. I just noticed that it went online recently; worth checking out if you haven’t…


Test Signing in Action: IronPython Beta 7

The IronPython team just announced their v1.0 beta 7 release, which is especially interesting to me because they’ve enabled IronPython to be signed with a test key signature. Beta 7 has four configurations, the standard Release and Debug along with Signed versions of both. If you choose a Signed version, the build will look for…


Sharing a Strong Name Key File Across Projects

v2.0 of the .NET Framework deprecated the use of the AssemblyKeyFileAttribute and AssemblyKeyContainerAttribute.  Often times, these attributes were used to share a common key file across several projects. If you try to share key files using the Visual Studio 2005 <Browse …> function on the signing property page, you’ll find that the key file is…


What Happens When You Fully Sign a Test Signed Assembly

When an assembly is test signed, the public key used to verify its signature is different from the public key that makes up part of the assembly identity.  So what happens when you take an assembly which is registered as a test signed assembly on your machine and fully sign it? The key here (aren’t…


SN v2.0 Works With PFX Files

One enhancement to the v2.0 SN tool that may not get noticed right away is that it now has the ability to work with PKCS #12 PFX files in addition to SNK files.  The logic here is that a self signed certificate stored in a PFX file is the moral equivalent of an SNK key,…


Authenticode and Assemblies

The general concepts of Authenticode signing an assembly are well understood — they mostly correlate directly to the standard Win32 concept of a signed catalog.  However, there are a few places where managed code plays differently, and sometimes these catch people off guard. Authenticode Signatures and Strong Name Signatures These two signatures are completely independent of…