Signing Assemblies
Yesterday I just reset my PC. I thought everything project is pushed to remote and backed up properly.
But then here I am. Fixing the lost key assembly issue.
I have no idea why I'd setup the code signing in the first place. But the term "Strong Name Assembly" does appeal to me and I thought it was cool to sign my project with strong name.
So I did it.
Signing the assembly DOES NOT mean that your code is protected. You can still disassemble the dll and resign it with another key. So what's the point in signing it?
But hey, I just need an app to grab all the cats from the internet. How is this a trust issue?
No, it's not. So you don't need to sign you assembly.
===
So I lost my key. How do I fix that?
Well, as long as I have my source codes. I could either just use the unsigned assembly. OR, since I am not very familiar with this code signing thing. I could painfully compile the entire project again.
That was literally what I did:
1. I wrote a python script that replaces all my internal field to public field.
2. Compile it with the newly generated key. Since all the fields are now public, it will not raise those annoying inaccessible errors.
3. Once I have my Strongly named assembly compiled. I can have sn to generate the public key for me.
4. Revert the code back.
5. Generate proper PublicKey and apply it to AssemblyInfo.
6. Recompile it again.
Here's the code that does the thing for me:
temp-public.py
Here's the External Tools settings I set in VS ( require cygwin ):
Example Output:
No I just need to copy and paste the keys to InternalsVisibleTo and I am good to go:)
But then here I am. Fixing the lost key assembly issue.
I have no idea why I'd setup the code signing in the first place. But the term "Strong Name Assembly" does appeal to me and I thought it was cool to sign my project with strong name.
So I did it.
Signing the assembly DOES NOT mean that your code is protected. You can still disassemble the dll and resign it with another key. So what's the point in signing it?
Is sounds cooler
Because I can. Looking cool is one of my fetish. Peoples are like do less and be more, I am like do more and look cool.Security
But of course it is about security! It is not about protecting nor encrypting your code. It is about the trust of the operating environment. Sometimes codes are required to run on a trusted base in order to protect something. Like app store, the apps you download from the store are signed by Microsoft. You don't trust me but do you trust Microsoft. I am not aware how "signing the codes did that" but it is proven, and the keys are there to do all the magic.Is it practical?
It's all about trust. Here is an answer of how you could need a singed assembly.But hey, I just need an app to grab all the cats from the internet. How is this a trust issue?
No, it's not. So you don't need to sign you assembly.
Why I sign my app?
This is like placing a lock in front of a door. But the door is not actually locked ( There is a good term for that, but I don't remember. Hippocrates proof? ). So this is just saying. Hey, I am a good person. Please don't fuck with me.===
So I lost my key. How do I fix that?
Well, as long as I have my source codes. I could either just use the unsigned assembly. OR, since I am not very familiar with this code signing thing. I could painfully compile the entire project again.
That was literally what I did:
1. I wrote a python script that replaces all my internal field to public field.
2. Compile it with the newly generated key. Since all the fields are now public, it will not raise those annoying inaccessible errors.
3. Once I have my Strongly named assembly compiled. I can have sn to generate the public key for me.
4. Revert the code back.
5. Generate proper PublicKey and apply it to AssemblyInfo.
6. Recompile it again.
Here's the code that does the thing for me:
temp-public.py
Here's the External Tools settings I set in VS ( require cygwin ):
Title:
Get PublicKey
Command:
C:\cygwin64\bin\bash.exe
Arguments:
-lc "echo $(TargetPath); sn -Tp '$(TargetPath)' | sed 's/\(.\+\)/+ \"\1\"/g'"
Example Output:
C:UserspenguinDocumentsVisual Studio 2015Projects*****.dll
+ "Microsoft (R) .NET Framework Strong Name Utility Version 4.0.30319.0"
+ "Copyright (c) Microsoft Corporation. All rights reserved."
+ "Public key (hash algorithm: sha1):"
+ "00240000048000009400000006020000002400005253413100040000010001000f6f41231dfd59"
+ "ad366842f29808eff4370136dfae032ed6f0a52649e4e2766a6f0b09765996c51193f1482c344b"
+ "e4c0032b73c6b3b3698494a5c4ee6873bbfef133ae74b7e82108d337c0082a242f27b821c152e7"
+ "8824815ce5aaa325164fca8469991d2f0dbc0aa4baf84609dbd5e43a87adad51aa52c531ecbebb"
+ "c4944d98"
+ "Public key token is 6479d45771cb5548"
Thu Mar 03 2016 17:44:32 GMT+0000 (Coordinated Universal Time)
Last modified: Tue Aug 23 2016 15:25:04 GMT+0000 (Coordinated Universal Time)
Comments
No comments here.
Do you even comment?
website:
Not a valid website
Invalid email format
Please enter your email
*Name:
Please enter a name
Submit
抱歉,Google Recaptcha 服務被牆掉了,所以不能回覆了