开发者

Is it possible to sign my assembly with an SSL certificate?

Trying to kill two birds with one stone. I'm not well versed in certificates, how they work, etc. If I have an SSL certificate for my corporate web site can I use it to sign my assemblies and have them be trusted? I assume not but thought it was worth a开发者_如何学Pythonsking.


You can sign assemblies (and any Windows dll or exe) with an appropriate code signing certificate where you have the private key.

Unless it is very unusual a web site (authentication) certificate will not have the correct "usage" property to allow it to be used for code signing.

For more on this (and the tools you need to do the signing): Everything you need to know about Authenticode Code Signing .


In addition to what Richard said, you need to distinguish between strong-naming (signing an assembly with a "raw" private key) and Authenticode signing. Strong-naming is specific to .NET assemblies, and Authenticode is used for signing any PE file (and some other file types as well).

Also if you sign the assembly using Authenticode, be ready to get delays when the assembly is loaded. This is because .NET Framework validates the signature and optionally retrieves CRLs and performs OCSP checks each time the assembly is loaded. So unless you must sign the assembly, for performance reason you might want to skip this step.

In our Secureblackbox product we had all assemblies signed, but then some customers reported that the assemblies simply won't load, and this turned out to be related to signature validation. So we removed authenticode signatures and kept only .NET strongnaming.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜