Share via


Secutil Tool (Secutil.exe)

The Secutil tool extracts strong name information or the public key for an X.509 certificate from an assembly and converts this information into a format that can be incorporated into code.

secutil [-array | -hex] [-cmode | -vbmode]
{-strongname | -x509certificate} filename 

Parameters

Argument Description

filename

The assembly file that contains a strong name public key or an X.509 certificate.

Option Description

-a[rray]

When used with the -strongname option, returns strong name information that includes the public key as a byte array, and the name and version of the specified assembly. When used with the –x509certificate option, returns the public key as a byte array for the X.509 certificate in the specified assembly. If you do not specify either the -array or -hex option, the default is -array.

-c[mode]

Returns the strong name information or the public key for the X.509 certificate in the specified assembly. If you do not specify either the -cmode or the -vbmode option, the default is -cmode.

-h[elp]

Displays command syntax and options for the tool.

-hex

When used with the -strongname option, returns strong name information that includes the public key as a hexadecimal-encoded string, and the name and version of the specified assembly. When used with the –x509certificate option, returns the public key as a hexadecimal-encoded string for the X.509 certificate in the specified assembly.

-s[trongname]

Extracts the strong name public key, assembly name, and version number from the specified assembly. By default, the public key is returned in an array format suitable for use in a byte array definition in C# or C++. (For details, see the -array and –cmode options.)

References to files other than strongly named assemblies return an error.

-v[bmode]

Returns the strong name information or the public key for the X.509 certificate formatted in an array suitable for use in Visual Basic.

-x[509certificate]

Extracts the public key from the X.509 certificate in the specified assembly. By default, the public key is returned in an array format suitable for use in a byte array definition in C# or C++. (For details, see the -array and –cmode options.)

Only files that have been signed using Authenticode contain an X.509 Authenticode publisher certificate. References to other types of files return an error.

-?

Displays command syntax and options for the tool.

Remarks

If you do not specify any command-line options, Secutil.exe displays the command syntax and options for the tool.

The.NET Framework security system provides mechanisms for restricting the actions of code based on its associated evidence. Two types of evidence, strong names and Authenticode publishers, are based on cryptographic keys and digital signature technology.

Using these forms of evidence in imperative identity permission checks requires you to reference a fairly long sequence of binary data: a public key value in the case of a strong name and an X.509 certificate in the case of Authenticode publishers. You run Secutil.exe specifying the assembly file name that contains the evidence you want to check. You can paste the tool's output into the code in the form of a constant definition. You can then use this constant value to construct the correct identity permission to be checked. For information on how to construct these permissions, see System.Security.Permissions.PublisherIdentityPermission Class and System.Security.Permissions.StrongNameIdentityPermission Class.

Examples

The following command extracts the strong name information from myFile and returns the public key in the default byte array format.

secutil -strongname myFile

The output from the previous command is as follows.

Microsoft (R) .NET Framework SecUtil 1.0.2310.0
Copyright (c) Microsoft Corp 1999-2000. All rights reserved.

Public Key = 
{ 0, 36, 0, 0, 4, 128, 0, 0, 148, 0, 0, 0, 6, 2, 0, 0, 0, 36, 0, 0, 82,
83, 65, 49, 0, 4, 0, 0, 1, 0, 1, 0, 125, 153, 220, 107, 82, 7, 120, 98,
141, 142, 191, 216, 4, 190, 9, 125, 149, 0, 18, 169, 111, 81, 149, 179,
79, 192, 204, 91, 207, 61, 87, 213, 54, 9, 203, 70, 249, 71, 6, 181, 33,
153, 60, 69, 190, 178, 223, 99, 236, 47, 217, 110, 16, 228, 107, 180, 72,
189, 147, 126, 155, 81, 88, 89, 125, 126, 30, 149, 207, 139, 216, 132,
46, 171, 8, 95, 249, 114, 196, 80, 183, 159, 173, 75, 73, 113, 195, 29,
41, 6, 49, 150, 195, 168, 228, 235, 156, 42, 215, 132, 177, 108, 211, 78,
86, 170, 16, 0, 66, 93, 100, 139, 9, 78, 60, 3, 242, 12, 35, 13, 154, 39,
50, 183, 95, 253, 208, 172 }
Name =
myFile
Version =
1.2.3.4
Success

The following command extracts the public key from the X.509 certificate in myHelloFile and returns it as a hexadecimal-encoded string.

secutil -hex -x509certificate myHelloFile 

The output from the previous command is as follows.

Microsoft (R) .NET Framework SecUtil 1.0.2310.0
Copyright (c) Microsoft Corp 1999-2000. All rights reserved.

X509 Certificate =
0x308201833082012DA0030201020210B9360877C4B169244F7435304C270D4300D06092A8
64886F70D01010405003016311430120603550403130B526F6F74204167656E6379301E170
D3030313131353030333033385A170D3339313233313233353935395A30223120301E06035
5040313174A6F6527732D536F674776172652D456D706F7269756D305C300D06092A864886
F70D0101010500034B003048024100B7C23E337868D7971CEBB435B68736A6F694AFD50443
147FE18AF26029B2A8FAB3DC014D72195CA64844E26648878B32BABFE06126D1B63233C2D7
A88A38EC170203010001A34B304930470603551D010440303E801012E4092D061D1D4F008D
6121DC166463A1183016311430120603550403130B526F6F74204167656E6379821006376C
00AA00648A11CFB8D4AA5C35F4300D06092A864886F70D01010405000341005690921281BE
823AC4EC33D09ED8A2D04AE052B6022AB6DEEC67E3A6F203051AEDB8C54F3E7280D3983DC3
07560EA934966871ED5D4C9D304AC2553FD24BF3EE
Success

See Also

Reference

.NET Framework Tools
System.Security.Permissions.PublisherIdentityPermission Class
System.Security.Permissions.StrongNameIdentityPermission Class
SDK Command Prompt

Concepts

Evidence