What is strong naming and how do I strong name a binary?

Question

I heard somewhere that I need to strong name my binaries before I distribute them. Any ideas what this is?

Answer 1

Eric Lippert posted about strong signing assemblies recently:

The purpose of a strong name is solely to ensure that when you load an assembly by name, you are loading exactly the assembly you think you are loading. You say "I want to load Frobber, version 4, that came from FooCorp". The strong name gear ensures that you actually load precisely that DLL, and not another assembly called Frobber, version 4, that came from Dr. Evil Enterprises. You can then set security policy which says "if I have an assembly from FooCorp on my machine, fully trust it." These scenarios are the only by-design purposes of strong names.

Answer 2

In short strong named assemblies are signed with a certificate. They play a role for the CAS (Code Access Security): what the assembly has the right to do or not to do.

[Edit] as some of you pointed out: it is really advised to create strong assemblies as they will be more robust against attacks like introducing foreign malicious code into your application if you wrote some plug-in mechanism for example.

This way you can limit what the 3rdparty plug-ins are allowed to do in the context of your application.

Answer 3

To answer the second part of the question: How to: Sign an Assembly with a Strong Name

To create and sign an assembly with a strong name by using Visual Studio

In Solution Explorer, open the shortcut menu for the solution, and then choose Properties.

Choose the Signing tab.

Select the Sign the assembly box.

In the Choose a strong name key file box, choose , and then navigate to the key file. To create a new key file, choose and enter its name in the Create Strong Name Key dialog box.

Answer 4

If you're talking about .NET assemblies, here are the docs.

Answer 5

I found this MSDN magazine article useful when learning about strong naming assemblies.