SecureBlackbox 16: Can I sign a .NET assembly?
There are several ways to sign assemblies in .NET: You can use .NET signing (using an RSA KeyPair) to create strong-named assemblies, and you can use Authenticode, which lets you sign any file in PE format including assemblies in DLL files. Note that Authenticode is not .NET-specific and knows nothing about .NET. It signs PE structures.
For Authenticode signing (using X.509 certificates suitable for code signing) you can use the SignTool.exe tool. .NET will verify the signature when it loads the assembly, but in some cases such verification can take extra seconds (if the OS performs CRL and OCSP checking of certificates in the chain), slowing down assembly loading.
You can use the sn.exe tool included in the .NET SDK to create strong-named assemblies.
SecureBlackbox lets you create, verify, and remove Authenticode signatures. Strong-naming in code is not currently supported by SecureBlackbox.
We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@nsoftware.com.