Shared Assembly - Is Signing Required?

Question

If I want to build a shared assembly, does that require the overhead of signing and managing key pairs? If so, is there a best practice approach to doing so?

Answer 1

No, to share an assembly between applications (outside of the GAC which I don't recommend that you place it in), you don't need to sign it. You need to sign an assembly generally, when you are going to give it to a third party. Its a way of verifying the assembly is genuine and hasn't been tampered with.

On Signing Assemblies and Best Practices

Remember this does not mean that they share the same assembly in memory. They will have their own copies and will act independently of each other. To share information between applications, you need to use either Remoting or WCF.

Answer 2

Yes, storing an assembly in the GAC requires them to be strong named. Which is not the same thing as signing with a certificate. It is very simple to assign a strong name: Project + Properties, Signing, check "Sign the assembly", key file = New. The resulting .snk file should be checked-in to your SCCS so it is always signed from the same key container.

Answer 3

That depends on what you mean by shared. If by shared you mean an assembly which you put in the GAC then yes you must sign the assembly.

If by shared you just mean that you want to reference the assembly from multiple projects and each project will have its own copy of the assembly, then no, you do not need to sign the assembly.