none
Problems with resign the assembly and Deployment RRS feed

  • Question

  • I created a public/private key with the command:
    sn -k mykey.snk

    I used it in the Signing tab in project properties, and I checked Delay sign only.
    And in Build Events tab inside the Pre-build event command line I wrote:
    "gacutil.exe"  -u "$(TargetName)"

    and in Post-build event command line I wrote:
    sn.exe -R $(TargetPath) $(ProjectDir)mykey.snk
    "gacutil.exe"  -if "$(TargetPath)"

    It worked fine, the assembly went to the GAC, and if I try:
    sn.exe -vf assembly.dll
    I get:
    "Assembly 'assembly.dll' is valid"

    If I copy this assembly.dll for another PC and try sn.exe -vf assembly.dll, I get again:
    "Assembly 'assembly.dll' is valid"

    As I want.

    But, when I create a Setup Project, and select the "assembly project"  in "Add/Project output" and build the deployment and install it in another machine, I get for the assembly.dll, when I try "sn.exe -vf assembly.dll":
    "assembly.dll is a delayed-signed or test-signed assembly"

    And if I try to redo:
    sn.exe -R assembly.dll mykey.snk

    it works fine.

    I think I am missing to do something in the Setup Project, why the dll looses the -R that it does in  Post-build event?
    I don't want to redo the sn.exe -R in deployed machines.

    I hope someone can help me.

    Friday, June 27, 2008 7:27 PM

Answers

  • Thanks Bruno, but that's not the answer.

    To fix the bug:

    Open the setup project file like "SetupProject.vdproj" in notepad and edit it.


     
     
    "Configurations" 
        { 
            "Debug" 
            { 
            (...) 
            "PrivateKeyFile" = "8:mykey.snk" 
            (...) 
            } 
            "Release" 
            { 
            (...) 
            "PrivateKeyFile" = "8:mykey.snk" 
            (...) 
            } 
        } 


    • Marked as answer by Rodrigo Perez Tuesday, August 12, 2008 5:06 PM
    Tuesday, August 12, 2008 5:06 PM

All replies

  • Rodrigo Perez,

    A delay signed assembly contains only the public key token of the signing key, not an actual signature. (Since, the person producing the delay signed assembly most likely doesn't have access to the private key necessary to create a signature).  Inside the PE file produced, a delay signed assembly has space reserved for a signature to be placed in the future, but that signature is actually just a block of zeros until the real signature is computed.  Because this block is not likely to be the actual signature value of the assembly, these assemblies will all fail to verify upon loading.  (since their signatures are incorrect)

    I hope the article in .NET Security Blog in the link below can help you to understand especially the delay signing better:

    http://blogs.msdn.com/shawnfa/archive/2004/03/17/91575.aspx 


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    • Marked as answer by Bruno Yu Thursday, July 3, 2008 2:34 AM
    • Unmarked as answer by Rodrigo Perez Tuesday, August 12, 2008 4:58 PM
    • Marked as answer by Rodrigo Perez Tuesday, August 12, 2008 4:58 PM
    • Unmarked as answer by Rodrigo Perez Tuesday, August 12, 2008 4:59 PM
    Wednesday, July 2, 2008 9:14 AM
  • Thanks Bruno, but that's not the answer.

    To fix the bug:

    Open the setup project file like "SetupProject.vdproj" in notepad and edit it.


     
     
    "Configurations" 
        { 
            "Debug" 
            { 
            (...) 
            "PrivateKeyFile" = "8:mykey.snk" 
            (...) 
            } 
            "Release" 
            { 
            (...) 
            "PrivateKeyFile" = "8:mykey.snk" 
            (...) 
            } 
        } 


    • Marked as answer by Rodrigo Perez Tuesday, August 12, 2008 5:06 PM
    Tuesday, August 12, 2008 5:06 PM