strongname

I am currently thinking about open-sourcing a project of mine and am in the process of preparing the source code and project structure to be released to the public. Now I got one question: how should I handle the signature key for my assemblies? Should I create a new key for the open-source version and publish it along with the other files to the SVN repository? Should I leave the key out and everyone who wants to compile the code should generate his own key? How do you handle this? I feel a little bit uncomfortable with releasing a signature key to the public. Jon Skeet For Protocol Buffers ,

From the description of sn.exe utility and this question I see that a copy of the public key is added to every assembly signed with the strong name. This is enough to validate that the assembly binary has not been altered. But how does one verify that given assembly was really signed with some given keypair and compiled by a given company? Anyone could generate his own keypair, produce some assembly and sign it with his keypair. Do I need to publish the public key so that those who want to verify the assembly origin could compare the public keys? if so, what is the best way to do so? No, you

Is it possible to check if a dynamically loaded assembly has been signed with a specific strong name? Is it enough / secure to compare the values returned from AssemblyName.GetPublicKey() method? Assembly loaded = Assembly.LoadFile(path); byte[] evidenceKey = loaded.GetName().GetPublicKey(); if (evidenceKey != null) { byte[] internalKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey(); if (evidenceKey.SequenceEqual(internalKey)) { return extension; } } Can't this be spoofed? I am not sure if the SetPublicKey() method has any effect on a built assembly, but even the MSDN documentation

I'm writing a .NET tool that requires the SQL Server SMO library. I don't care if it's the version from Server 2005 (9.0), 2008 (10.0) or 2008 R2 (probably 10.5, didn't check). The SMO library is installed together SQL Server, so I can safely assume that on any system with SQL Server installed, some version of the SMO library is available as well. Unfortunately, the SMO libraries are strongly-named: If I add a reference to SMO 9.0 in my project, it will fail ( FileNotFoundException ) if only SMO 10.0 is present on the customer's system, and vice versa. Is there some way to tell the compiler

What is a .snk file for? I know it stands for Strongly Named Key , but all explanations of what it is and how it works goes over my head. Is there any simple explanation on how a strongly named key is used and how it works? Blair Conrad The .snk file is used to apply a strong name to a .NET assembly . such a strong name consists of a simple text name, version number, and culture information (if provided)—plus a public key and a digital signature. The SNK contains a unique key pair - a private and public key that can be used to ensure that you have a unique strong name for the assembly. When

O.k, this is really irritating, I had noticed previously that the code generated by WPF for loading XAML resources did not appear to use strong names and therefore may be problematic for scenarios where you need to support side by side versions of WPF assemblies. This has turned out to be the case, and it's now causing me problems - I have a plug-in system which is supposed to support side by side installation of plugins which differ only in their version numbers (their assembly versions). This of course can be supported by .NET since assemblies are determined to have different identities even