How to: Sign an assembly with a strong name
Although .NET Core supports strong-named assemblies, and all assemblies in the .NET Core library are signed, the majority of third-party assemblies do not need strong names. For more information, see Strong Name Signing on GitHub.
There are a number of ways to sign an assembly with a strong name:
- By using the Build > Strong naming page in the project designer for a project in Visual Studio. This is the easiest and most convenient way to sign an assembly with a strong name.
- By using the Assembly Linker (Al.exe) to link a .NET Framework code module (a .netmodule file) with a key file.
- By using assembly attributes to insert the strong name information into your code. You can use either the AssemblyKeyFileAttribute or the AssemblyKeyNameAttribute attribute, depending on where the key file to be used is located.
- By using compiler options.
You must have a cryptographic key pair to sign an assembly with a strong name. For more information about creating a key pair, see How to: Create a public-private key pair.
Create and sign an assembly with a strong name by using Visual Studio
- In Solution Explorer, open the shortcut menu for the project, and then choose Properties.
- Under the Build tab you'll find a Strong naming node.
- Select the Sign the assembly checkbox, which expands the options.
- Select the Browse button to choose a Strong name key file path.
In order to delay sign an assembly, choose a public key file.
Create and sign an assembly with a strong name by using the Assembly Linker
Open Visual Studio Developer Command Prompt or Visual Studio Developer PowerShell, and enter the following command:
al /out:<assemblyName> <moduleName> /keyfile:<keyfileName>
- assemblyName is the name of the strongly signed assembly (a .dll or .exe file) that Assembly Linker will emit.
- moduleName is the name of a .NET Framework code module (a .netmodule file) that includes one or more types. You can create a .netmodule file by compiling your code with the
/target:moduleswitch in C# or Visual Basic.
- keyfileName is the name of the container or file that contains the key pair. Assembly Linker interprets a relative path in relation to the current directory.
The following example signs the assembly MyAssembly.dll with a strong name by using the key file sgKey.snk.
al /out:MyAssembly.dll MyModule.netmodule /keyfile:sgKey.snk
For more information about this tool, see Assembly Linker.
Sign an assembly with a strong name by using attributes
Add the System.Reflection.AssemblyKeyFileAttribute or AssemblyKeyNameAttribute attribute to your source code file, and specify the name of the file or container that contains the key pair to use when signing the assembly with a strong name.
Compile the source code file normally.
The following example uses the AssemblyKeyFileAttribute attribute with a key file called keyfile.snk, which is located in the directory where the assembly is compiled.
You can also delay sign an assembly when compiling your source file. For more information, see Delay-sign an assembly.
Sign an assembly with a strong name by using the compiler
Compile your source code file or files with the
/delaysign compiler option in C# and Visual Basic, or the
/DELAYSIGN linker option in C++. After the option name, add a colon and the name of the key file. When using command-line compilers, you can copy the key file to the directory that contains your source code files.
For information on delay signing, see Delay-sign an assembly.
The following example uses the C# compiler and signs the assembly UtilityLibrary.dll with a strong name by using the key file sgKey.snk.
csc /t:library UtilityLibrary.cs /keyfile:sgKey.snk