Sign your unsigned assemblies AFTER you have built them. You can sign a whole bunch of unsigned assemblies with one public key while your strong named references are also updated at once. This is achieved by decompiling your assemblies
with ILDASM to MSIL code, parsing and the IL code and doing the necessary modifications. After that a new assembly is created with ILASM and voila: Strong named assemblies. It has been tested with major projects (e.g. Enterprise Library Jan 2006)
to validate that this approach works reliable.
What is Signer good for?
- Working on an improved IL parser which represents the contents of an IL file as an object model.
- This will make more sophisticated manipulations possible such as:
- Unsign an assembly and all dependant ones.
- Make internals of one assembly visible to others via the InternalsVisibleTo Attribute.
It allows you to strong name (sign) your unsigned assemblies after you have built them. You can sign assemblies for which you do not have the source code. If you build for example a strong named application all your referenced assemblies must also be signed.
This can become a problem if you get unsigned assemblies from another software vendor. In this case Signer is your last option you can to get strong names into your project.
It Is Faster
If you have built a bigger project e.g. Enterprise Library Jan 2006 (http://www.codeplex.com/entlib/Release/ProjectReleases.aspx
and have now the great idea strong name all of them you
have to change the signing options for over 20 projects which is quite tedious and error prone. Signer allows you to sign your assemblies without any change in your project settings. The Enterprise Library guys have made some cool VS extension to automate
this task but I like my approach still ;-)
- Signer cannot decompile assemblies which do contain unmanaged code or unmanaged resources (e.g. managed C++, .nlp files). This could change when the Phoenix
http://research.microsoft.com/phoenix/ project is completed.