How to sign third party assemblies
You need to sign assemblies if you want to put them in the GAC.
If you sign an executable, then any class libraries it links to also needs to be signed. This can be difficult if you’re using a third-party library.A very important reason to sign an assembly is so you can be sure it is your assembly. Since the private key is yours, nobody else can sign an assembly with that same key. This means that when the public key of an assembly is one you know.
Create a Strong Name Key
First you’ll need to get your existing strong name key (.snk) or create a strong name key
Use Ildasm to Sign a Third Party Assembly
I choose to use Microsoft intermediate language Disassembler (Ildasm) after having issues with Assembly Linker so go and download.
First Disassemble the ThirdParty.dll
- Open a Visual Studio Command Prompt and type the following command:
localPath\ThirdParty>ildasm /all /out=ThirdParty.il ThirdParty.dll
- This will create a file called ThirdParty.il which will be used next to sign and build.
- Second Rebuild and Sign the ThirdParty.dll
- Rename or backup your original third party assembly. Open a Visual Studio Command Prompt and type the following command:
localpath\ThirdParty>ilasm /dll /key=YourKey.snk ThirdParty.il
- Finally Verify Assembly was Signed
- You’ll want to verify that your assembly is now signed. To do this Open an Visual Studio Command Prompt and type the following command:
sn -vf ThirdParty.dll
- You should get an output similar to.. Assembly ‘ThirdParty.dll‘ is valid
Note: Signed assemblies can only load other signed assemblies. Also they are tied to a specific version meaning that you need to use binding redirects or recompile the application if you wanted to use a different version. There’s a little performance overhead as well due to the verification of the signature but it is so little that you shouldn’t be concerned about.