Say I have several .NET assemblies and want to sign each of them with a strong name. Is one keypair (one .snk file) enough or do I need to generate one pair for each assembly? Will I have to publish the public key of (each) keypair?
+3
A:
You need only one .snk file.
You don't need to publish the public key. Any one can get a public key using sn.exe with -p switch.
Vadim
2009-04-28 13:53:07
But how will he ensure that it was me who published the assembly?
sharptooth
2009-04-28 13:58:18
The fact that it is signed with your key -- the same key the referencing assembly is expecting -- authenticates it to the assembly loader.
Brian Ensink
2009-04-28 14:10:18
That only proves that is is signed with the same key as the one which comes with the assembly. But how can one identify who generated that key?
sharptooth
2009-04-28 14:11:37
Asked a separate question for that - http://stackoverflow.com/questions/798621/do-i-need-to-publish-the-public-key-from-snk-file
sharptooth
2009-04-28 15:48:18
+1
A:
One key file is enough to sign multiple related assemblies. Take a look through your GAC. Assemblies from the same product or platform often all have the same key. For example many of Microsoft's .NET framework assemblies share the same key.
Brian Ensink
2009-04-28 14:04:47