.NET Assembly Strong-Name Signer
- Posted in:
- Automation
- Software
-- Download (v3.5.0.0) --
-- NuGet Package --
Automatic strong-name signing of referenced assemblies. Build tasks and utility software to strong-name sign .NET assemblies, including assemblies you do not have the source code for. If you strong-name sign your own projects you may have noticed that if you reference an unsigned third party assembly you get an error similar to “Referenced assembly 'A.B.C' does not have a strong name”. If you did not create this assembly, you can use this tool to sign the assembly with your own (or temporarily generated) strong-name key. The tool will also re-write the assembly references (as well as any InternalsVisibleTo references) to match the new signed versions of the assemblies you create.
Why?
I decided to write this tool because I have needed to sign assemblies myself a number of times. When contacting the developer fails, it leaves you little choice. You either leave your projects unsigned which is often not an option, or find a way around the problem.
I first learnt how to do this trick from OJ Reeve’s article on signing and unsigned assembly. The information is somewhat dated and doesn’t mention using the /TYPELIST option which is crucial to make the round-trip in some scenarios. There are some other tools out there that do this but are also out of date, lack features, are difficult to configure and sometimes create unpredictable results.
Developers still struggle to overcome this problem so I wanted to create a really simple UI, command-line and API to simplify the process. I used the existing tools for inspiration and made sure that Strong-Name Signer overcame all the issues that they currently have.
Strong-Name Signer
This application is the answer to your assembly signing needs. Whether you prefer to use an GUI, the command-line or an API, Strong-Name Signer covers all those bases.
Features
- Supports strong-name signing assemblies built in v1.0 to v4.5 of the .NET framework.
- Accessible via GUI, command-line or programmatic API.
- Round-trips assembly attributes (32-bit preferred, x64 only etc.) correctly.
- No need for an existing SNK file, one can be generated for you.
- Automatically backs up your files before signing.
- Does not require specific command-prompts or framework/SDK tools.
- Update BAML resources with new references.
User Interface
Drag-and-drop files or directories and .NET assemblies will be detected. Kept it very simple so it’s accessible and understandable by any user.
Console
Simple command-line options to automate from script files. At minimum you can provide an assembly file, the rest will be done automatically.
API
A public API is exposed you can reference Brutal.Dev.StrongNameSigner.dll and make use of the static methods on SigningHelper to perform strong-name signing tasks from code or PowerShell scripts.
-- Download (v3.5.0.0) --
-- NuGet Package --
Other Existing Tools
I investigated the following tools when developing Strong-Name Signer. I want to give the authors credit since it was the shortcomings in these tools that were the basis for a lot of the features in Strong-Name Signer.
Assembly Signer
This tool was last released in 2010 and contains some bugs that don’t make it a very reliable option.
- Manual configuration to identify external tools location.
- Doesn’t handle spaces in assembly paths.
- Fails on certain round-trips (not using /TYPELIST).
- Requires an existing SNK file.
- Can only sign DLL files and not EXE files (which are also assemblies).
- Requires user input from the command-line / cannot be easily automated.
- Can cause problems for a 2.0 assembly if the wrong tools are used.
- Fails to recompile 64-bit platform targeted assemblies.
- No graphical user interface.
Signer
This tool appears to be the most promising but has been abandoned since early 2007. It does most things correctly but has a number of open bugs that Strong-Name Signer fixes. I had the option of contributing to this project but I wanted to change the architecture in a way that I could unit test the functionality easily.
- Requires running in Visual Studio 2005 command-prompt (2010 does not work).
- Does not support .NET 4.x+ assemblies.
- Requires an existing SNK file.
- Requires special handling to recompile 64-bit platform targeted assemblies.
- Performs manual re-writing of IL that are not required anymore with newer tools.
- No graphical user interface.
Open Source
The source code for this project is available on GitHub.
Comments
Thank you man! Your tool saved my time.
devI'm in a situation where I need to digitally sign my application which contains third-party assemblies.
Pantelis ArWhile everything works as expected if I don't sign the application, when I do I get a XAMLParseException while trying to load on of the third-party components.
I'm using a key file (.snk) I generated using VS Command line tool, and your tool to sign the app and assemblies.
Any thoughts?
I'm actually signing the application from the `signing` tab on project properties of VS and your application to sign the third-party assemblies.
Pantelis ArI'm trying to sign a third party dll with a password protect pfx file and the using the GUI it works like a charm (although the path is renamed to .snk and I get the message that the file doesn't exist?) but with the console application (which I would like to use for scripting) I get:
Hamster[quote]Error: Unable to obtain public key for StrongNameKeyPair.
0 file(s) were strong-name signed.
0 references(s) were fixed.[/quote]
Some use of Google tells met that it has to do with permissions but the GUI works fine and running cmd with forced admin rights doesn't fix it. If I don't use the .pfx the random signing with console does succeed. Any idea/suggestions on how to fix console or why GUI works (even with the renaming and popup) but console doesn't?
Ps. Preview and save comment didn't work for me but that could be the many ad/script blockers I use :D Using Firefox btw (used Chrome to post).
you my friend, are awesome.
alasRight on time! Thank you.
JamieThanks, you saved my day ;-)
WolfgangFrom a fellow brutal \m/ developer - you are a life-saver! Thank you!
DanielAbsolute life saver at nearly midnight!! You are an absolute genius. Thankyou for investigating this thoroughly and going to the effort of building a smart little app for us. You are a life saver. Please, please, please set up a donation page so I can give you some of my money.
Phil BarrThanks it's save my time.
Majdi M. AburahelahWow thanks for your work and your time.
jeffWhat did you use to generate documentation ?
Thanks again,
Jeff
http://jeff-sharepoint-notes.fr
@Jeff: I use Sandcastle Help File Builder as a release build step: https://github.com/EWSoftware/SHFB.
WernerI'm trying to sign Microsoft.WindowsAPICodePack.dll for our application. I've tried using our own snk file as well as letting the tool generate its own key, but I get the following error:
DaveError 4 The "ResolveAssemblyReference" task failed unexpectedly.
System.Security.SecurityException: Invalid assembly public key. (Exception from HRESULT: 0x8013141E)
[...]
The Zone of the assembly that failed was:
MyComputer
Could you offer any help with that?
The error implies that something referencing Microsoft.WindowsAPICodePack.dll was not updated to use the new signed assembly reference. Because you changed the referential identifier for Microsoft.WindowsAPICodePack.dll, any assemblies built that are referencing it need to be updated as well.
WernerFor example, if A.dll referenced Microsoft.WindowsAPICodePack.dll and then you just signed Microsoft.WindowsAPICodePack.dll, the reference will now be invalid since Microsoft.WindowsAPICodePack.dll has a new strong-name key. Remember that assembly references include the public key if one is available. The strong-name signer will fix this reference for you by re-writing A.dll, but you need to include it in the list of files to process. You can also recompile A.dll but now pointing your reference to the newly signed Microsoft.WindowsAPICodePack.dll which is why this tool should ideally be used as a *pre-build* step.
Thanks man! Great job.
PunitThis is totally awesome and saved my day after hours of research. Thanks. Great Job
DarrenHi. I just installed your NuGet package 'Brutal.Dev.StrongNameSigner'. I can see the command line application in the packages folder. Stupid question.. How do I display the UI that you show above??
MattThe NuGet package only contains the console application so you can easily add it to build scripts. For the UI, you should install the full application using the setup provided: brutaldev.com/download/StrongNameSigner_Setup.exe
WernerThanks a lot, you saved may day. Great Job!
Ruhollah DelpakExcellent tool, a must for my tool box.
Akhilesh NirapureThank you for this! Very, very cool. Great work.
El ServsNancy.dll and other nancy stuff unsinged... until now :-)
Thanks a lot. Your tool saved my time
InfinityThank you so much!!! This is wonderfull :-)
Yaquiyou are awesome!!this tool solved all my problems!!
aishYes anyone wanting to sign the vmware assembly dlls vimservice2005.dll and vim25service2005.dll, it wouldn't go with the bat file methods due to internal references but this tool fixed it instantly.
PaulNicely written too. Thank you
I'm looking for a "sn.exe" replacement, and this tool seems to be the closest one for my case.
HilarionI need an application, which will work from command line (like "sn"), will be able to finish a strong-name signing process, when an assembly was compiled with delay signing, using a key pair from a PFX file, which is password protected (the "-R" option of "sn"), and will accept the key file password as a command line parameter or (better) from standard input. The "sn" tool only allows entering the password interactively, which prevents operation automation.
Is this application able to fulfill those requirements?
I do not want it to decompile and recompile my assembly, just add a signature, for which the delay signing compilation already prepared the assembly.
@Hilarion It can do everything you have described. The tool is used for much more than simply signing, but hey, if that's what you want to use it for then go ahead. PFX files can be used and the password supplied as an argument/parameter to the console application. If the application doesn't do exactly what you want, you can also just use the simple API directly and make yourself a console app. Read the docs on the GitHub page for all the information you need: https://github.com/brutaldev/StrongNameSigner
WernerWOW! Amazing app, especially when you need to bulk sign a large group of dlls with the same key. Thank you!
Great AppWhen are you planning to support 4.6?
JonStill works with 4.7.1 assemblies... If you have a problem please log the issue on Github: github.com/brutaldev/StrongNameSigner/issues
WernerWhen I try adding a .dll, I get an error dialog saying "Operation is not valid due to the current state of the object." Any idea what could be wrong?
DrewProbably trying to sign .NET Core assemblies or using an old version.
Wernergithub.com/brutaldev/StrongNameSigner/issues/41
Great tool. Thank you.
KarlThe problem I have now is that there is a tool provided by the providers of the SDK DLL I needed to sign that no longer works with the signed DLLs, but that's what batch files are for!
Thanks again
Excellent work!
Bob ZimmermanBrilliant! Thanks you!
BrendanMerci bien! it's quite a user-friendly and powerful tool to resolve the problem. Saved me a lot of time!
GUST.AVZHVery useful, opens up the possibility of using a lot of useful open source libraries. Thanks.
Neil JohnsonThanks for saving our time ;)
Ignacio CarraThanks a lot, very handy. Good stuff!
Philipp ElhausPostmark (a transactional email service) published their c# API in a nuget package under the same name. Their assemblies are not signed. I reached out to them, and they replied that they might sign them in an uncertain future. In the mean time I tried your tool to re-sign their Postmark.dll. There was this error thrown: "Symbols were found but are not matching the assembly". The file is not being added to the list. What is the reason?
oba@Oba: Since you did not leave a valid email address I can't help you. That's an old error and generally means the symbols are not going to be updated to reflect the changes in the assembly so you will not be able to step-into debug them. Can't tell you why though without more information.
WernerLike I said, this is publicly available nuget package, so if you are looking for more information, you can install it and see for yourself that the tool does not add Postmark.dll to the list after throwing this error. I could not possibly provide any more information since everything that I know is already in the original comment.
obaWerner, you do not need my email address to install a publicly available nuget package Postmark and to try loading the DLL that I have named. I could not possibly provide any additional information that may only be obtained from the nuget package and its DLL. I just do not know anything else on top of what I wrote in the original comment. As to the emails, did you ever receive emails that say "do not reply, the from address is not being monitored"? This is one of such cases: I have no email box that I could possibly use for any feedback, and I can only read something on this very page. This is not something that I have power to change. I am even connecting over the VPN because there is no Internet infrastructure around where I am. I wish it was different, but it is the way it is.
abo@Oba/Abo - Works for me. Try use the user interface and drop the file in, signs it no problem with no errors. Like I said, old problem, you are probably using an old version. Not going to start a chat thread here, if you believe this is actually an issue then please log an issue on GitHub: github.com/brutaldev/StrongNameSigner/issues
WernerHere is a working sample project: brutaldev.com/.../StrongNameSignerPostMarkTest.zip
WernerAll I did was added the Postmark and Strong-Name Signer Nuget packages and built the project.
1>------ Rebuild All started: Project: StrongNameSignerPostMarkTest, Configuration: Debug Any CPU ------
1>-- Starting Brutal Developer .NET Assembly Strong-Name Signer Task --
1>Strong-name signature applied to 'C:\Dev\GitHub\StrongNameSignerPostMarkTest\obj\Debug\netcoreapp3.1\StrongNameSigner\Postmark.dll' successfully.
1>-- Finished Brutal Developer .NET Assembly Strong-Name Signer Task -- 00:00:00.0761620
Awesome tool. You made me save hours of work.
Miguel Angel Becerra OteroThank you so much!!
Awesome tool!
MattThis is absolutely great. Not sure it'll be accepted in my company, due to legal concerns, but it definitely saved me a lot of time
Thanks!!!
You actually saved me...
Yishay G.Can you help me with an error "Failed to verify assembly -- Strong name validation failed.", I am getting this error when I am doing strong name signing with a keyContainer on CSP. I am using RSA 3072 bit key
Anshuman MorBut, when I am using a locally generated snk with same keysize and signing, everything works fine.
The commands are all same except the snk file vs key container.
Werner:
Pablo S.Your tool helped me detect a poorly signed DevExpress DLL.
I repaired the installation of the product from the Windows Control Panel and I was able to verify that the DLL was finally signed correctly.
Thank you for your contribution.
Greetings from Argentina.
I get this error when signing a third-party .dll: Error strong-name signing: Failed to resolve assembly: 'mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
RPStrong name validation failed.", I am getting this error when I am doing strong name signing with a keyContainer on
bestbioinsta.comGreat Tool!
Alexis MartialI have a case where I need to use only the public key and delayed signing.
Is it possible?
Is there a way to exclude a NuGet package so that Brutal does not modify the assemblies in that package? Thanks in advance!
XLPlease refer to the documentation on how to filter packages and paths: github.com/.../StrongNameSigner#build-process
Werner