Dotfuscating Strong Named Assemblies
Strong named assemblies are digitally signed. This allows the runtime to determine if an assembly has been altered after signing. The signature is an SHA1 hash signed with the private key of an RSA public/private key pair. Both the signature and the public key are embedded in the assembly’s metadata.
Since Dotfuscator modifies the assembly, it is essential that signing occur after running the assembly through Dotfuscator.
Dotfuscator Professional Edition can handle this step as part of the obfuscation process. If you are using the Standard or Community Edition, you will need to complete signing in a separate build step after obfuscation is complete.
Manually Resigning after Obfuscation
You should delay sign the assembly during development and before Dotfuscation, then complete the signing process afterward. Please refer to the .NET Framework documentation if you require detailed information about delay signing assemblies.
To successfully obfuscate a strongly named assembly, follow these steps:
- Delay sign the assembly during development. This is done by embedding two custom attributes into your assembly. For C#, you would include the following lines into AssemblyInfo.cs:
- Where keyfile.snk is the name of the file containing your public key.
- Use the strong name tool (sn.exe) that comes with the .NET Framework to turn off the strong name verification while you are testing your assembly:
sn -Vr TestAsm.exe
- Obfuscate the delay signed assembly using Dotfuscator.
- After running through Dotfuscator turn on the verification for the obfuscated assembly using sn.exe. This unregisters the Dotfuscated assembly for verification skipping:
sn -Vu TestAsm.exe
- Now complete the signing process of the Dotfuscated assembly, where keyfile.snk is the name of the file containing your private key:
sn -R TestAsm.exe keyfile.snk
Remember to turn off strong name validation while testing your delay signed assemblies!