|Important||This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here.|
How to: Use Full Signing to Give a Dynamic Assembly a Strong Name
A dynamic assembly can be given a strong name using partial signing or full signing. For partial signing, the public key must be specified in the AssemblyName passed to the DefineDynamicAssembly method. The common language runtime allocates the space within the portable executable (PE) file for a strong name signature blob, but does not actually sign the assembly. The resulting assembly can be fully signed in a post-processing step using tools provided in the Windows Software Development Kit (SDK).
For full signing, a public/private key pair must be provided. These entities are usually stored in a file or disk or in a key container owned by a Crypto API Cryptographic Service Provider (CSP). Low security keys are often generated by software-based CSPs and exported to a file so they can be checked into source code management systems during project development. High security keys are often generated by hardware that usually helps prevent export of the keys for security reasons. Such key pairs can only be accessed indirectly through a key container. The strong name key pair is specified using the System.Reflection.StrongNameKeyPair class.
The following example demonstrates using full signing to give a dynamic assembly a strong name.
FileStream fs = new FileStream("SomeKeyPair.snk", FileMode.Open); StrongNameKeyPair kp = new StrongNameKeyPair(fs); fs.Close(); AssemblyName an = new AssemblyName(); an.KeyPair = kp; AppDomain appDomain = Thread.GetDomain(); AssemblyBuilder ab = appDomain.DefineDynamicAssembly(an, AssemblyBuilderAccess.RunAndSave);