assembly-signing

Some time ago I installed my PFX key into Container using command like this: sn -i mykey.pfx VS_XXX but two months later I forgot the Container name (VS_XXX), so my question is: How to get than name back? I know key name, I have this key, I know the key pass phrase. Download the Keypal utility and double click it, you will find all the names of the key containers. You can choose between user profile and machine profile. Alternatively, enumerate the certificate store to find the certificate of interest via its subject and then you can use CertGetCertificateContextProperty to get the value for

I tried to use ServiceStack in my current project but found the binaries released were not strong named so i couldn't use it out of the box. When asking on GitHub "why" I got the following answer: it's virally toxic and hinders binding, upgrading, development, deployment, etc. mythz was very laconic so I didn't want to bother him more and asking here. I use a lot of open-source .NET projects like AutoMapper, NUnit, Moq, log4net, Ninject, etc. and their releases are all strong named. Found similar question here, on SO, but it doesn't help me. Is it normal practice in OSS? Why not release both

I manage an open-source project and would like to sign the binaries that are released in the project's binary package. I use Visual Studio csproj and sln files to manage and build my project, and also distribute these files as part of the project's source packages. How can I sign the produced binaries of my build and not have to distribute the snk key-pair file? If I use Visual Studio to sign the assemblies, each project file now needs a copy of the key-pair in order to build. I'm not comfortable with distributing the key-pair, even if it is password protected. Edit : Another caveat is that

I need to re-sign my assembly after the build has finished (and I've done some other things to it), so I started by adding an <Exec> Task that called C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\sn.exe . This has to work for other developers/environments, so I was hoping I could just copy sn.exe and sn.exe.config from that folder and store it in our code repository so I could always call a common version of it from a known location. sn.exe crashes in isolation outside of the sdk directory, so I'm wondering how I can reference it without knowing what path it will be

My scenario is we have one program (exe) that will start other programs if found in a particular folder. I want to ensure it only ever starts programs which are signed with our Corporate certificate (Verisign approved etc). Essentially then it will only start the programs with the same certificate as itself. I don't want to ship the certificate itself. I've been searching the web and the system namespace and haven't found a clear example that reads the certificate data from a file and also validates it, and can check against another file. The closest I've found is Signtool and and having this

Right now I am setting the Linker/Advanced/KeyFile option. I am getting the "mt.exe : general warning 810100b3: is a strong-name signed assembly and embedding a manifest invalidates the signature. You will need to re-sign this file to make it a valid assembly." . Reading from the web, it sounds like I have to set the delay signing option, download the SDK, and run sn.exe as a post build event. Surely there must be an easier way to do this common operation in VS2010? There's a fair amount of lameness here, this just never worked before. It got "fixed" in VS2010, mt.exe now generates a warning