Options
SmartAssembly Signing vs SignTool
Stevens222
Posts: 1 New member
Hello,
We are evaluating SmartAssembly and I am considering how we have signed our assemblies previously. Should we continue to sign assemblies after the SmartAssembly build or should we instead us the SmartAssembly Strong Name Signing and Tamper protection?
We currently sign using the /f and /ac options. In SmartAssembly, I do not see where I can specify the .CER file for the /ac option. We also timestamp the file - but I would assume SmartAssembly is doing that.
What are your thoughts?
Thank you,
Steven
We are evaluating SmartAssembly and I am considering how we have signed our assemblies previously. Should we continue to sign assemblies after the SmartAssembly build or should we instead us the SmartAssembly Strong Name Signing and Tamper protection?
We currently sign using the /f and /ac options. In SmartAssembly, I do not see where I can specify the .CER file for the /ac option. We also timestamp the file - but I would assume SmartAssembly is doing that.
What are your thoughts?
Thank you,
Steven
Tagged:
Best Answer
-
Options
Jessica R
Posts: 1,319 Rose Gold 4
Hi and thanks for your post!If your assembly is signed with a .snk or .pfx strong name key, then the new assembly will need to have the same strong name key, so you should also apply it via SmartAsssembly's Strong Name Signing feature.
If it is signed with a digital signature (with something like signtool), however, SmartAssembly doesn't have a built-in option to apply this, so you will still need to sign the assembly after the SmartAssembly build.
(In case it's helpful, I've found a Microsoft blog on the differences between a strong name key and digital signature here: https://blogs.msdn.microsoft.com/ericlippert/2009/09/03/whats-the-difference-part-five-certificate-signing-vs-strong-naming/)
Hope that info helps!
