8 Comments

-- Download (v1.4.2.0) --

Utility software to strong-name sign .NET assemblies, including assemblies you do not have the source code for. If you strong-name sign your own projects you may have noticed that if you reference an unsigned third party assembly you get an error similar to “Referenced assembly 'A.B.C' does not have a strong name”. If you did not create this assembly, you can use this tool to sign the assembly with your own (or temporarily generated) strong-name key. The tool will also re-write the assembly references (as well as any InternalsVisibleTo references) to match the new signed versions of the assemblies you create.

Why?

I decided to write this tool because I have needed to sign assemblies myself a number of times. When contacting the developer fails, it leaves you little choice. You either leave your projects unsigned which is often not an option, or find a way around the problem.

I first learnt how to do this trick from OJ Reeve’s article on signing and unsigned assembly. The information is somewhat dated and doesn’t mention using the /TYPELIST option which is crucial to make the round-trip in some scenarios. There are some other tools out there that do this but are also out of date, lack features, are difficult to configure and sometimes create unpredictable results.

Developers still struggle to overcome this problem so I wanted to create a really simple UI, command-line and API to simplify the process. I used the existing tools for inspiration and made sure that Strong-Name Signer overcame all the issues that they currently have.

Strong-Name Signer

This application is the answer to your assembly signing needs. Whether you prefer to use an GUI, the command-line or an API, Strong-Name Signer covers all those bases.

Features
  1. Supports strong-name signing assemblies built in v1.0 to v4.5 of the .NET framework.
  2. Accessible via GUI, command-line or programmatic API.
  3. Round-trips assembly attributes (32-bit preferred, x64 only etc.) correctly.
  4. No need for an existing SNK file, one can be generated for you.
  5. Automatically backs up your files before signing.
  6. Does not require specific command-prompts or framework/SDK tools.

User Interface

Drag-and-drop files or directories and .NET assemblies will be detected. Kept it very simple so it’s accessible and understandable by any user.

Console

Simple command-line options to automate from script files. At minimum you can provide an assembly file, the rest will be done automatically.

StrongNameSigner_Console

API

A public API is exposed you can reference Brutal.Dev.StrongNameSigner.dll and make use of the static methods on SigningHelper to perform strong-name signing tasks from code or PowerShell scripts.

StrongNameSigner_Help

-- Download (v1.4.2.0) --

Other Existing Tools

I investigated the following tools when developing Strong-Name Signer. I want to give the authors credit since it was the shortcomings in these tools that were the basis for a lot of the features in Strong-Name Signer.

Assembly Signer

This tool was last released in 2010 and contains some bugs that don’t make it a very reliable option.

  1. Manual configuration to identify external tools location.
  2. Doesn’t handle spaces in assembly paths.
  3. Fails on certain round-trips (not using /TYPELIST).
  4. Requires an existing SNK file.
  5. Can only sign DLL files and not EXE files (which are also assemblies).
  6. Requires user input from the command-line / cannot be easily automated.
  7. Can cause problems for a 2.0 assembly if the wrong tools are used.
  8. Fails to recompile 64-bit platform targeted assemblies.
  9. No graphical user interface.

Signer

This tool appears to be the most promising but has been abandoned since early 2007. It does most things correctly but has a number of open bugs that Strong-Name Signer fixes. I had the option of contributing to this project but I wanted to change the architecture in a way that I could unit test the functionality easily.

  1. Requires running in Visual Studio 2005 command-prompt (2010 does not work).
  2. Does not support .NET 4.x+ assemblies.
  3. Requires an existing SNK file.
  4. Requires special handling to recompile 64-bit platform targeted assemblies.
  5. Performs manual re-writing of IL that are not required anymore with newer tools.
  6. No graphical user interface.

Open Source

The source code for this project is available on GitHub.

Comments

Comment by dev

Thank you man! Your tool saved my time.

dev
Comment by Pantelis Ar

I'm in a situation where I need to digitally sign my application which contains third-party assemblies.

While everything works as expected if I don't sign the application, when I do I get a XAMLParseException while trying to load on of the third-party components.

I'm using a key file (.snk) I generated using VS Command line tool, and your tool to sign the app and assemblies.

Any thoughts?

Pantelis Ar
Comment by Pantelis Ar

I'm actually signing the application from the `signing` tab on project properties of VS and your application to sign the third-party assemblies.

Pantelis Ar
Comment by Hamster

I'm trying to sign a third party dll with a password protect pfx file and the using the GUI it works like a charm (although the path is renamed to .snk and I get the message that the file doesn't exist?) but with the console application (which I would like to use for scripting) I get:

[quote]Error: Unable to obtain public key for StrongNameKeyPair.

0 file(s) were strong-name signed.
0 references(s) were fixed.[/quote]

Some use of Google tells met that it has to do with permissions but the GUI works fine and running cmd with forced admin rights doesn't fix it. If I don't use the .pfx the random signing with console does succeed. Any idea/suggestions on how to fix console or why GUI works (even with the renaming and popup) but console doesn't?

Ps. Preview and save comment didn't work for me but that could be the many ad/script blockers I use :D Using Firefox btw (used Chrome to post).

Hamster
Comment by alas

you my friend, are awesome.

alas
Comment by Jamie

Right on time! Thank you.

Comment by Wolfgang

Thanks, you saved my day ;-)

Wolfgang
Comment by Daniel

From a fellow brutal \m/ developer - you are a life-saver! Thank you!

Daniel
Post comment