Security Tools

  • Article

The Windows Software Development Kit (SDK) supplies command-line tools that help you perform security-related tasks and test your components and applications before you deploy them. The following table briefly describes each of these tools.

Tool name

Description

Certificate Creation Tool (Makecert.exe)

Generates X.509 certificates for testing purposes only.

Certificate Manager Tool (Certmgr.exe)

Manages certificates, certificate trust lists (CTLs), and certificate revocation lists (CRLs).

Certificate Verification Tool (Chktrust.exe)

Verifies the validity of a file signed with an X.509 certificate. The Certificate Verification tool only ships with the .NET Framework SDK version 1.0 and 1.1. In later versions of the Windows SDK, use the Sign Tool (SignTool.exe) utility instead.

Code Access Security Policy Tool (Caspol.exe)

Enables you to view and configure security policy. You can see the permissions that are granted to a specified assembly and the code groups that the assembly belongs to.

File Signing Tool (Signcode.exe)

Signs a portable executable (PE) file with an Authenticode digital signature. The File Signing Tool only ships with the .NET Framework SDK version 1.0 and 1.1. In later versions of the Windows SDK, use the Sign Tool (SignTool.exe) utility instead.

Isolated Storage Tool (Storeadm.exe)

Manages isolated storage, providing options to list the user's stores and delete them.

Permissions View Tool (Permview.exe)

Allows you to view an assembly's requested permissions.

PEVerify Tool (Peverify.exe)

Determines whether the JIT compilation process can verify the type safety of the assembly.

Policy Migration Tool (Migpole.exe)

Migrates security policy between two compatible versions of the .NET Framework.

Secutil Tool (Secutil.exe)

Extracts strong name public key information or Authenticode publisher certificates from an assembly, in a format that can be incorporated into code.

Set Registry Tool (Setreg.exe)

Allows you to change the registry settings for the Software Publishing State keys, which control the behavior of the certificate verification process. The Set Registry tool only ships with the .NET Framework SDK version 1.0 and 1.1. In later versions of the Windows SDK, use the Sign Tool (SignTool.exe) utility instead.

Sign Tool (SignTool.exe)

Digitally signs files, verifies signatures in files, and time stamps files.

Software Publisher Certificate Test Tool (Cert2spc.exe)

Creates a Software Publisher's Certificate (SPC) from one or more X.509 certificates. This tool is for testing purposes only.

Strong Name Tool (Sn.exe)

Helps create assemblies with strong names. Sn.exe provides options for key management, signature generation, and signature verification

See Also

Other Resources

Security in the .NET Framework