none
Uses of .pfx and .snk files

    Question


  • Hi
    Can  anyone tell me what is the uses of *.pfx and *.snk files.
    How to create that for a project.

    Friday, April 18, 2008 7:35 AM

Answers

  • Anandakumar.R,

     

    Based on your post, you can sign the assembly with Personal Information Exchange (pfx file). Except the pfx signing with the password, you can also use snk to sign the strong name assemblies. To sign an assembly with a strong name, you must have a public/private key pair. This public and private cryptographic key pair is used during compilation to create a strong-named assembly. The article How to: Sign an Assembly (Visual Studio) can help you with understanding the assembly signing issue.

     

    In "Signing" tab of project Properties, when you click "Sign the assembly" and "Choose a strong name key file -> New", you can store the pfx file by adding the key file name and the password. In Solution Explorer, you can see the filename.pfx that store the private keys with the encrypt password information. You can get the file and store the file to other most secure place.

     

    As the article Using Strong Name Signatures mentions: While password-protecting your key files is a much better solution than storing them in the clear, it is still not ideal. You would still have to distribute the PFX file to all of your developers, and they would all have to know the password for the PFX file. Secrets that are widely shared like this do not tend to stay secret for very long. Ideally, you should not have to distribute the private key to build and test your code during development.

     

    The article ClickOnce Manifest Signing and Strong-Name Assembly Signing Using Visual Studio Project Designer's Signing Page can help you with the signed assembly deployment issue.

     

    Hope that can help you.

    Monday, April 21, 2008 7:39 AM

All replies

  • Anandakumar.R,

     

    Based on your post, you can sign the assembly with Personal Information Exchange (pfx file). Except the pfx signing with the password, you can also use snk to sign the strong name assemblies. To sign an assembly with a strong name, you must have a public/private key pair. This public and private cryptographic key pair is used during compilation to create a strong-named assembly. The article How to: Sign an Assembly (Visual Studio) can help you with understanding the assembly signing issue.

     

    In "Signing" tab of project Properties, when you click "Sign the assembly" and "Choose a strong name key file -> New", you can store the pfx file by adding the key file name and the password. In Solution Explorer, you can see the filename.pfx that store the private keys with the encrypt password information. You can get the file and store the file to other most secure place.

     

    As the article Using Strong Name Signatures mentions: While password-protecting your key files is a much better solution than storing them in the clear, it is still not ideal. You would still have to distribute the PFX file to all of your developers, and they would all have to know the password for the PFX file. Secrets that are widely shared like this do not tend to stay secret for very long. Ideally, you should not have to distribute the private key to build and test your code during development.

     

    The article ClickOnce Manifest Signing and Strong-Name Assembly Signing Using Visual Studio Project Designer's Signing Page can help you with the signed assembly deployment issue.

     

    Hope that can help you.

    Monday, April 21, 2008 7:39 AM

  • Hi,
    Still i'm not understand the ultimate usage of those files. Can Please give me some more details about it.
    also,
    weather the  .pfx and .snk files usage is customer level or developer level?

    Tuesday, April 22, 2008 7:15 AM
  • Anandakumar.R,

     

    The "ultimate usage" of assembly signing depends on your development .NET applications. Generally speaking, assembly signing (also called strong-name signing) gives an application or component a unique identity that other software can use to identify and refer explicitly to it. A strong name consists of its simple text name, version number, culture information (if provided), plus a public/private key pair. This information is stored in a key file; this can be a Personal Information Exchange (PFX) file or a certificate from the current user's Windows certificate store.

     

    As far as I've known, these definitions are for the managed development in .NET. The Visual Studio provides you the easy way to sign the assembly in "Properties -> Signing" tab of the projects to instead of the tools in .NET Framework such as al.exe, sn.exe.

     

    In my opinion, using .pfx and .snk to sign the assembly is developer level. However, if there is public/private key paires, storing the key pair is the custom level issue. You can also take a look at the Assembly Signing Frequently Asked Questions to understand this better.

    Tuesday, April 22, 2008 8:05 AM
  • More simple answer.

    When run program with Administrator UAC, windows will show messagebox with info about program with information from sign certificate company name or personal name from certificate.

    If you not sign app with certificate you will see in message that this program certificate is "none".

    You can create and sign in with certificate your apps(.exe) with cmd commands too.

    Tuesday, April 29, 2014 1:45 PM