Digital signature seems to remove Strong Name signature

Question

5.00/5 (1 vote)

See more:

I've an assembly in C++/CLI. This assembly is strong named, using Linker options, with a SN.exe generated Key.

However, the same strongly named assembly, if it is digitally signed, using signtool.exe, it seems to remove the strong name signature, indeed the strong name validation fails, and it does not install in the target machine's GAC.

Looking at this documentation : https://msdn.microsoft.com/en-us/library/vstudio/ms235305%28v=vs.100%29.aspx[^]

- it says the strong name key is removed if post processing took, lime mt.exe (I'm not certain if signtool.exe falls in the same tools category)is used afterwards, but it says it does so only if CLR attributes are used. I user Linker options for strong naming.

Kindly advise on the process which can be used to strong name and digitally sign the C++/CLI assembly. Would I have to re-sign the assembly after digitally signing it?

Thanks,

Posted 10-May-15 19:39pm

Member 9378977

Updated 10-May-15 19:40pm

v2

Add a Solution

Comments

Kornfeld Eliyahu Peter 11-May-15 2:57am

It should be done in the right order: strong name, and then digital signature...

Member 9378977 11-May-15 2:59am

That is what I've done. I've strong named it first, using Linker options, and then applied the digital signature, but it seems to affect the strong name signature.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

KarstenK · Answer 1 · 2015-05-11T01:48:00

Solution 1

Yes you have to do it. Signing is a process from inside to the outside!!!

My experience by using the MageUI-Tool: it is best to sign only once and avoid resigning. And I have reloaded all files in the manifest to update the hashes.

Posted 11-May-15 1:48am

KarstenK

Comments

Member 9378977 11-May-15 8:37am

I'm sorry, did you mean I've to resign it? And could you elaborate on the manifest part, please? Thanks.