[GH-ISSUE #30] Allow resign assemblies with different strong name #26

New issue

Closed

opened 2026-02-25 21:30:29 +03:00 by kerem · 5 comments

kerem commented

2026-02-25 21:30:29 +03:00

Owner

Originally created by @darilek on GitHub (Jan 24, 2017).
Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/30

Currently the program skips assemblies when they already has strong name. Please add option to allow resign assemblies with different key (and update references to the new public token)

Originally created by @darilek on GitHub (Jan 24, 2017). Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/30 Currently the program skips assemblies when they already has strong name. Please add option to allow resign assemblies with different key (and update references to the new public token)

kerem closed this issue

2026-02-25 21:30:29 +03:00

kerem commented

2026-02-25 21:30:29 +03:00

Author

Owner

@brutaldev commented on GitHub (Jan 24, 2017):

Although simple enough in principle, I don't see why you would want to alter assemblies that are already signed? If you inadvertently did something like this to a MS GAC assembly, you would break all .NET projects on the machine as everybody's references would no longer be valid...

@brutaldev commented on GitHub (Jan 24, 2017): Although simple enough in principle, I don't see why you would want to alter assemblies that are already signed? If you inadvertently did something like this to a MS GAC assembly, you would break all .NET projects on the machine as everybody's references would no longer be valid...

kerem commented

2026-02-25 21:30:29 +03:00

Author

Owner

@darilek commented on GitHub (Jan 24, 2017):

I don't want change signature of .NET core assemblies :-) But for example we have subscription to the big component pack (with source codes) and we build it and sign with own key. But some distributed assemblies does not have source code included and we need the same signature for them.

@darilek commented on GitHub (Jan 24, 2017): I don't want change signature of .NET core assemblies :-) But for example we have subscription to the big component pack (with source codes) and we build it and sign with own key. But some distributed assemblies does not have source code included and we need the same signature for them.

kerem commented

2026-02-25 21:30:29 +03:00

Author

Owner

@brutaldev commented on GitHub (Jan 25, 2017):

If you want your other distributed assemblies to use the same public key, then just sign them with the same key file you sign the component pack with. By default it will generate a new strong-name key pair to sign with if you don't provide one, you can use your own SNK or PFX file, the same one you use with your compiled code and they will all have the same strong name.

Are you using the UI, console, API or NuGet integration?

@brutaldev commented on GitHub (Jan 25, 2017): If you want your other distributed assemblies to use the same public key, then just sign them with the same key file you sign the component pack with. By default it will generate a new strong-name key pair to sign with if you don't provide one, you can use your own SNK or PFX file, the same one you use with your compiled code and they will all have the same strong name. Are you using the UI, console, API or NuGet integration?

kerem commented

2026-02-25 21:30:29 +03:00

Author

Owner

@darilek commented on GitHub (Jan 25, 2017):

to be clear. Component pack is distributed with sources and precompiled assemblies are signed with original key (and there is no access for the key). For some assemblies the source code is not available (I don't know why). We are buliding new assemblies from source code signed with own key.

For now I can change key by decompilation with ILDASM, change public key token and update references manually in decompiled code, and compile back to the assembly.

@darilek commented on GitHub (Jan 25, 2017): to be clear. Component pack is distributed with sources and **precompiled assemblies are signed with original key** (and there is no access for the key). For some assemblies the source code is not available (I don't know why). We are buliding new assemblies from source code signed with own key. For now I can change key by decompilation with ILDASM, change public key token and update references manually in decompiled code, and compile back to the assembly.

kerem commented

2026-02-25 21:30:29 +03:00

Author

Owner

@brutaldev commented on GitHub (Jan 25, 2017):

I still don't really see a viable reason why you would want to remove the existing public key and re-sign already signed assemblies. If they are digitally/authenticode signed then you will break that signature as well by doing this. The risks outweigh any conceivable benefit you could derive from re-signing and it sounds as though you already have a solution to your problem.

@brutaldev commented on GitHub (Jan 25, 2017): I still don't really see a viable reason why you would want to remove the existing public key and re-sign already signed assemblies. If they are digitally/authenticode signed then you will break that signature as well by doing this. The risks outweigh any conceivable benefit you could derive from re-signing and it sounds as though you already have a solution to your problem.