none
signing the assembly and xap file using pfx

    Question

  • Hello,

    I have signed xap file and assembly also by using pfx file. But now probvlem is at every development machine need to import local copy of pfx file and re sign it.

    I think if I ONLY sign the xap file this problem will not happen, but I am unable to find any information about what extre trust/security level I get by signing the assembly. Is not it enough to sign the xap file only ?

     

    Regards

    Tuesday, May 01, 2012 4:42 AM

Answers

  • No, I am not using sign tool.

    You right click on your sliverlight app in Visual Studio, and get into propertise, there you can select checkbox to sign the xap and can select your pfx file you want to use for siging and on the same page you will also see another checkbox to sign the assemble also. and my question is related to that, the first thign I wrote in this post.

    Visual Studio is using the Sign tool to sign the file. So what's the problem if you sign the xap?

    >But now probvlem is at every development machine need to import local copy of pfx file and re sign it.

    Why you need to do so? What happens if you don't do that? If you want to sign xap the better approach is to do that when the coding is completed and do that once.

    Thursday, May 03, 2012 9:16 PM

All replies

  • Hi,

    Sorry I don't quite understand what you mean. What's the problem when you install your Silverlight OOB application? (Is my understanding correct the problem happens when you do so?)

    Could you elaborate? Maybe some screenshots can help to clarify the problem.

    Thursday, May 03, 2012 3:25 AM
  • No Its not OOB related.

    You can sign your silverlight application with code signing certificate, like you sign your Java applet with code signign certificate.

    question is related to that.

    Thursday, May 03, 2012 3:38 AM
  • OK. Are you using SignTool to sign the xap? If not, how do you sign it?

    http://msdn.microsoft.com/en-us/library/8s9b9yaz(v=vs.80).aspx

     What do you want to do by signing the xap file?

    >But now probvlem is at every development machine need to import local copy of pfx file and re sign it.

    Could you clarify what the problem is?

    Thursday, May 03, 2012 4:31 AM
  • No, I am not using sign tool.

    You right click on your sliverlight app in Visual Studio, and get into propertise, there you can select checkbox to sign the xap and can select your pfx file you want to use for siging and on the same page you will also see another checkbox to sign the assemble also. and my question is related to that, the first thign I wrote in this post.

    Thursday, May 03, 2012 4:35 AM
  • No, I am not using sign tool.

    You right click on your sliverlight app in Visual Studio, and get into propertise, there you can select checkbox to sign the xap and can select your pfx file you want to use for siging and on the same page you will also see another checkbox to sign the assemble also. and my question is related to that, the first thign I wrote in this post.

    Visual Studio is using the Sign tool to sign the file. So what's the problem if you sign the xap?

    >But now probvlem is at every development machine need to import local copy of pfx file and re sign it.

    Why you need to do so? What happens if you don't do that? If you want to sign xap the better approach is to do that when the coding is completed and do that once.

    Thursday, May 03, 2012 9:16 PM