SmartAssembly Signing vs SignTool

Hello,

We are evaluating SmartAssembly and I am considering how we have signed our assemblies previously.  Should we continue to sign assemblies after the SmartAssembly build or should we instead us the SmartAssembly Strong Name Signing and Tamper protection?

We currently sign using the /f and /ac options.  In SmartAssembly, I do not see where I can specify the .CER file for the /ac option.  We also timestamp the file - but I would assume SmartAssembly is doing that.

What are your thoughts?

Thank you,
Steven
Tagged:

Best Answer

  • Jessica RJessica R Posts: 1,256 Rose Gold 4
    Accepted Answer
    Hi and thanks for your post!

    If your assembly is signed with a .snk or .pfx strong name key, then the new assembly will need to have the same strong name key, so you should also apply it via SmartAsssembly's Strong Name Signing feature.

    If it is signed with a digital signature (with something like signtool), however, SmartAssembly doesn't have a built-in option to apply this, so you will still need to sign the assembly after the SmartAssembly build.

    (In case it's helpful, I've found a Microsoft blog on the differences between a strong name key and digital signature here: https://blogs.msdn.microsoft.com/ericlippert/2009/09/03/whats-the-difference-part-five-certificate-signing-vs-strong-naming/)

    Hope that info helps!

    Jessica Ramos | Product Support Engineer | Redgate Software

    Have you visited our Help Center?


Sign In or Register to comment.