55 Comments

-- Download (v3.5.0.0) --
-- NuGet Package --

Automatic strong-name signing of referenced assemblies. Build tasks and utility software to strong-name sign .NET assemblies, including assemblies you do not have the source code for. If you strong-name sign your own projects you may have noticed that if you reference an unsigned third party assembly you get an error similar to “Referenced assembly 'A.B.C' does not have a strong name”. If you did not create this assembly, you can use this tool to sign the assembly with your own (or temporarily generated) strong-name key. The tool will also re-write the assembly references (as well as any InternalsVisibleTo references) to match the new signed versions of the assemblies you create.

Why?

I decided to write this tool because I have needed to sign assemblies myself a number of times. When contacting the developer fails, it leaves you little choice. You either leave your projects unsigned which is often not an option, or find a way around the problem.

I first learnt how to do this trick from OJ Reeve’s article on signing and unsigned assembly. The information is somewhat dated and doesn’t mention using the /TYPELIST option which is crucial to make the round-trip in some scenarios. There are some other tools out there that do this but are also out of date, lack features, are difficult to configure and sometimes create unpredictable results.

Developers still struggle to overcome this problem so I wanted to create a really simple UI, command-line and API to simplify the process. I used the existing tools for inspiration and made sure that Strong-Name Signer overcame all the issues that they currently have.

Strong-Name Signer

This application is the answer to your assembly signing needs. Whether you prefer to use an GUI, the command-line or an API, Strong-Name Signer covers all those bases.

Features
  1. Supports strong-name signing assemblies built in v1.0 to v4.5 of the .NET framework.
  2. Accessible via GUI, command-line or programmatic API.
  3. Round-trips assembly attributes (32-bit preferred, x64 only etc.) correctly.
  4. No need for an existing SNK file, one can be generated for you.
  5. Automatically backs up your files before signing.
  6. Does not require specific command-prompts or framework/SDK tools.
  7. Update BAML resources with new references.

User Interface

Drag-and-drop files or directories and .NET assemblies will be detected. Kept it very simple so it’s accessible and understandable by any user.

Console

Simple command-line options to automate from script files. At minimum you can provide an assembly file, the rest will be done automatically.

StrongNameSigner_Console

API

A public API is exposed you can reference Brutal.Dev.StrongNameSigner.dll and make use of the static methods on SigningHelper to perform strong-name signing tasks from code or PowerShell scripts.

StrongNameSigner_Help

-- Download (v3.5.0.0) --
-- NuGet Package --

Other Existing Tools

I investigated the following tools when developing Strong-Name Signer. I want to give the authors credit since it was the shortcomings in these tools that were the basis for a lot of the features in Strong-Name Signer.

Assembly Signer

This tool was last released in 2010 and contains some bugs that don’t make it a very reliable option.

  1. Manual configuration to identify external tools location.
  2. Doesn’t handle spaces in assembly paths.
  3. Fails on certain round-trips (not using /TYPELIST).
  4. Requires an existing SNK file.
  5. Can only sign DLL files and not EXE files (which are also assemblies).
  6. Requires user input from the command-line / cannot be easily automated.
  7. Can cause problems for a 2.0 assembly if the wrong tools are used.
  8. Fails to recompile 64-bit platform targeted assemblies.
  9. No graphical user interface.

Signer

This tool appears to be the most promising but has been abandoned since early 2007. It does most things correctly but has a number of open bugs that Strong-Name Signer fixes. I had the option of contributing to this project but I wanted to change the architecture in a way that I could unit test the functionality easily.

  1. Requires running in Visual Studio 2005 command-prompt (2010 does not work).
  2. Does not support .NET 4.x+ assemblies.
  3. Requires an existing SNK file.
  4. Requires special handling to recompile 64-bit platform targeted assemblies.
  5. Performs manual re-writing of IL that are not required anymore with newer tools.
  6. No graphical user interface.

Open Source

The source code for this project is available on GitHub.

Comments

Comment by dev

Thank you man! Your tool saved my time.

dev
Comment by Pantelis Ar

I'm in a situation where I need to digitally sign my application which contains third-party assemblies.

While everything works as expected if I don't sign the application, when I do I get a XAMLParseException while trying to load on of the third-party components.

I'm using a key file (.snk) I generated using VS Command line tool, and your tool to sign the app and assemblies.

Any thoughts?

Pantelis Ar
Comment by Pantelis Ar

I'm actually signing the application from the `signing` tab on project properties of VS and your application to sign the third-party assemblies.

Pantelis Ar
Comment by Hamster

I'm trying to sign a third party dll with a password protect pfx file and the using the GUI it works like a charm (although the path is renamed to .snk and I get the message that the file doesn't exist?) but with the console application (which I would like to use for scripting) I get:

[quote]Error: Unable to obtain public key for StrongNameKeyPair.

0 file(s) were strong-name signed.
0 references(s) were fixed.[/quote]

Some use of Google tells met that it has to do with permissions but the GUI works fine and running cmd with forced admin rights doesn't fix it. If I don't use the .pfx the random signing with console does succeed. Any idea/suggestions on how to fix console or why GUI works (even with the renaming and popup) but console doesn't?

Ps. Preview and save comment didn't work for me but that could be the many ad/script blockers I use :D Using Firefox btw (used Chrome to post).

Hamster
Comment by alas

you my friend, are awesome.

alas
Comment by Jamie

Right on time! Thank you.

Comment by Wolfgang

Thanks, you saved my day ;-)

Wolfgang
Comment by Daniel

From a fellow brutal \m/ developer - you are a life-saver! Thank you!

Daniel
Comment by Phil Barr

Absolute life saver at nearly midnight!! You are an absolute genius. Thankyou for investigating this thoroughly and going to the effort of building a smart little app for us. You are a life saver. Please, please, please set up a donation page so I can give you some of my money.

Phil Barr
Comment by Majdi M. Aburahelah

Thanks it's save my time.

Majdi M. Aburahelah
Comment by jeff

Wow thanks for your work and your time.
What did you use to generate documentation ?

Thanks again,

Jeff
http://jeff-sharepoint-notes.fr

Comment by Dave

I'm trying to sign Microsoft.WindowsAPICodePack.dll for our application. I've tried using our own snk file as well as letting the tool generate its own key, but I get the following error:
Error 4 The "ResolveAssemblyReference" task failed unexpectedly.
System.Security.SecurityException: Invalid assembly public key. (Exception from HRESULT: 0x8013141E)
[...]
The Zone of the assembly that failed was:
MyComputer

Could you offer any help with that?

Comment by Werner

The error implies that something referencing Microsoft.WindowsAPICodePack.dll was not updated to use the new signed assembly reference. Because you changed the referential identifier for Microsoft.WindowsAPICodePack.dll, any assemblies built that are referencing it need to be updated as well.

For example, if A.dll referenced Microsoft.WindowsAPICodePack.dll and then you just signed Microsoft.WindowsAPICodePack.dll, the reference will now be invalid since Microsoft.WindowsAPICodePack.dll has a new strong-name key. Remember that assembly references include the public key if one is available. The strong-name signer will fix this reference for you by re-writing A.dll, but you need to include it in the list of files to process. You can also recompile A.dll but now pointing your reference to the newly signed Microsoft.WindowsAPICodePack.dll which is why this tool should ideally be used as a *pre-build* step.

Comment by Punit

Thanks man! Great job.

Punit
Comment by Darren

This is totally awesome and saved my day after hours of research. Thanks. Great Job

Darren
Comment by Matt

Hi. I just installed your NuGet package 'Brutal.Dev.StrongNameSigner'. I can see the command line application in the packages folder. Stupid question.. How do I display the UI that you show above??

Matt
Comment by Ruhollah Delpak

Thanks a lot, you saved may day. Great Job!

Comment by Akhilesh Nirapure

Excellent tool, a must for my tool box.

Akhilesh Nirapure
Comment by El Servs

Thank you for this! Very, very cool. Great work.

Nancy.dll and other nancy stuff unsinged... until now :-)

El Servs
Comment by Infinity

Thanks a lot. Your tool saved my time

Comment by Yaqui

Thank you so much!!! This is wonderfull :-)

Yaqui
Comment by aish

you are awesome!!this tool solved all my problems!!

aish
Comment by Paul

Yes anyone wanting to sign the vmware assembly dlls vimservice2005.dll and vim25service2005.dll, it wouldn't go with the bat file methods due to internal references but this tool fixed it instantly.

Nicely written too. Thank you

Paul
Comment by Hilarion

I'm looking for a "sn.exe" replacement, and this tool seems to be the closest one for my case.
I need an application, which will work from command line (like "sn"), will be able to finish a strong-name signing process, when an assembly was compiled with delay signing, using a key pair from a PFX file, which is password protected (the "-R" option of "sn"), and will accept the key file password as a command line parameter or (better) from standard input. The "sn" tool only allows entering the password interactively, which prevents operation automation.
Is this application able to fulfill those requirements?
I do not want it to decompile and recompile my assembly, just add a signature, for which the delay signing compilation already prepared the assembly.

Hilarion
Comment by Werner

@Hilarion It can do everything you have described. The tool is used for much more than simply signing, but hey, if that's what you want to use it for then go ahead. PFX files can be used and the password supplied as an argument/parameter to the console application. If the application doesn't do exactly what you want, you can also just use the simple API directly and make yourself a console app. Read the docs on the GitHub page for all the information you need: https://github.com/brutaldev/StrongNameSigner

Comment by Great App

WOW! Amazing app, especially when you need to bulk sign a large group of dlls with the same key. Thank you!

Great App
Comment by Jon

When are you planning to support 4.6?

Jon
Comment by Drew

When I try adding a .dll, I get an error dialog saying "Operation is not valid due to the current state of the object." Any idea what could be wrong?

Drew
Comment by Karl

Great tool. Thank you.

The problem I have now is that there is a tool provided by the providers of the SDK DLL I needed to sign that no longer works with the signed DLLs, but that's what batch files are for!

Thanks again

Karl
Comment by Bob Zimmerman

Excellent work!

Bob Zimmerman
Comment by Brendan

Brilliant! Thanks you!

Brendan
Comment by GUST.AVZH

Merci bien! it's quite a user-friendly and powerful tool to resolve the problem. Saved me a lot of time!

GUST.AVZH
Comment by Neil Johnson

Very useful, opens up the possibility of using a lot of useful open source libraries. Thanks.

Neil Johnson
Comment by Ignacio Carra

Thanks for saving our time ;)

Ignacio Carra
Comment by Philipp Elhaus

Thanks a lot, very handy. Good stuff!

Philipp Elhaus
Comment by oba

Postmark (a transactional email service) published their c# API in a nuget package under the same name. Their assemblies are not signed. I reached out to them, and they replied that they might sign them in an uncertain future. In the mean time I tried your tool to re-sign their Postmark.dll. There was this error thrown: "Symbols were found but are not matching the assembly". The file is not being added to the list. What is the reason?

oba
Comment by Werner

@Oba: Since you did not leave a valid email address I can't help you. That's an old error and generally means the symbols are not going to be updated to reflect the changes in the assembly so you will not be able to step-into debug them. Can't tell you why though without more information.

Werner
Comment by oba

Like I said, this is publicly available nuget package, so if you are looking for more information, you can install it and see for yourself that the tool does not add Postmark.dll to the list after throwing this error. I could not possibly provide any more information since everything that I know is already in the original comment.

oba
Comment by abo

Werner, you do not need my email address to install a publicly available nuget package Postmark and to try loading the DLL that I have named. I could not possibly provide any additional information that may only be obtained from the nuget package and its DLL. I just do not know anything else on top of what I wrote in the original comment. As to the emails, did you ever receive emails that say "do not reply, the from address is not being monitored"? This is one of such cases: I have no email box that I could possibly use for any feedback, and I can only read something on this very page. This is not something that I have power to change. I am even connecting over the VPN because there is no Internet infrastructure around where I am. I wish it was different, but it is the way it is.

abo
Comment by Werner

@Oba/Abo - Works for me. Try use the user interface and drop the file in, signs it no problem with no errors. Like I said, old problem, you are probably using an old version. Not going to start a chat thread here, if you believe this is actually an issue then please log an issue on GitHub: github.com/brutaldev/StrongNameSigner/issues

Werner
Comment by Werner

Here is a working sample project: brutaldev.com/.../StrongNameSignerPostMarkTest.zip

All I did was added the Postmark and Strong-Name Signer Nuget packages and built the project.

1>------ Rebuild All started: Project: StrongNameSignerPostMarkTest, Configuration: Debug Any CPU ------
1>-- Starting Brutal Developer .NET Assembly Strong-Name Signer Task --
1>Strong-name signature applied to 'C:\Dev\GitHub\StrongNameSignerPostMarkTest\obj\Debug\netcoreapp3.1\StrongNameSigner\Postmark.dll' successfully.
1>-- Finished Brutal Developer .NET Assembly Strong-Name Signer Task -- 00:00:00.0761620

Werner
Comment by Miguel Angel Becerra Otero

Awesome tool. You made me save hours of work.
Thank you so much!!

Miguel Angel Becerra Otero
Comment by Matt

Awesome tool!

This is absolutely great. Not sure it'll be accepted in my company, due to legal concerns, but it definitely saved me a lot of time

Thanks!!!

Matt
Comment by Yishay G.

You actually saved me...

Yishay G.
Comment by Anshuman Mor

Can you help me with an error "Failed to verify assembly -- Strong name validation failed.", I am getting this error when I am doing strong name signing with a keyContainer on CSP. I am using RSA 3072 bit key

But, when I am using a locally generated snk with same keysize and signing, everything works fine.

The commands are all same except the snk file vs key container.

Anshuman Mor
Comment by Pablo S.

Werner:
Your tool helped me detect a poorly signed DevExpress DLL.
I repaired the installation of the product from the Windows Control Panel and I was able to verify that the DLL was finally signed correctly.
Thank you for your contribution.

Greetings from Argentina.

Pablo S.
Comment by RP

I get this error when signing a third-party .dll: Error strong-name signing: Failed to resolve assembly: 'mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'

RP
Comment by bestbioinsta.com

Strong name validation failed.", I am getting this error when I am doing strong name signing with a keyContainer on

Comment by Alexis Martial

Great Tool!
I have a case where I need to use only the public key and delayed signing.
Is it possible?

Comment by XL

Is there a way to exclude a NuGet package so that Brutal does not modify the assemblies in that package? Thanks in advance!

XL
Post comment