Joined: 28 Feb 2005
|Posted: Fri Jul 24, 2015 11:57 pm Post subject: My application uses unsigned 3rd party assemblies
|.NET Encryptor requires that the Bootstrap assembly be signed with a strong name (in order to verify the identity of the assembly loading the encrypted assemblies). Strong naming is transitive - this means that all assemblies referenced by the Bootstrap must also be strong named (not necessarily with the same strong name). So what do you do if your application references a 3rd party assembly which is NOT strong named?
The first thing is to probably approach the 3rd party supplier and ask them to strong name their assemblies. Commercial software vendors should be doing this anyway as it is best practice for security and allows their components to be used in strong named applications. If they can't or won't sign their assemblies then there is an alternative. You can strong name their assembly using your own strong name. To do this open a Visual Studio command prompt and then navigate to the directory containing the assembly you wish to strong name and copy your strong name file (eg MyKey.snk) to that directory. Assuming your assembly is called UnsignedAssembly.dll you can then decompile the assembly to IL (using ilsdasm) and recompile it with a strong name (using ilasm) with the following commands:
|ildasm UnsignedAssembly.dll /out:UnsignedAssembly.il
ilasm UnsignedAssembly.il /dll /key=MyKey.snk /output=SignedAssembly.dll
You can then verify that your assembly is now strong named using the strong name (sn) tool:
|sn -v SignedAssembly.dll