starred/StrongNameSigner
1
0
Fork 0
mirror of https://github.com/brutaldev/StrongNameSigner.git synced 2026-04-25 11:26:04 +03:00
Code Issues Projects Releases Packages Wiki Activity

[GH-ISSUE #9] Assembly is invalid after signing #9

New issue
Closed
opened 2026-02-25 21:30:27 +03:00 by kerem · 7 comments
kerem commented 2026-02-25 21:30:27 +03:00
Owner
Copy link

Originally created by @danjohnso on GitHub (Jan 6, 2015).
Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/9

Originally assigned to: @brutaldev on GitHub.

I have a problem using your tool with 2 assemblies where one references the other one. When I sign the 2 assemblies separately, they pass validation. At runtime though, the reference is broken. If I put both of the assemblies in at once, it says the references got fixed, but then fails validation which causes a runtime compile exception, is there a trick to getting the references fixed without breaking the signature?

Originally created by @danjohnso on GitHub (Jan 6, 2015). Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/9 Originally assigned to: @brutaldev on GitHub. I have a problem using your tool with 2 assemblies where one references the other one. When I sign the 2 assemblies separately, they pass validation. At runtime though, the reference is broken. If I put both of the assemblies in at once, it says the references got fixed, but then fails validation which causes a runtime compile exception, is there a trick to getting the references fixed without breaking the signature?
kerem 2026-02-25 21:30:27 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-02-25 21:30:27 +03:00
Author
Owner
Copy link

@brutaldev commented on GitHub (Jan 6, 2015):

In your first scenario the reference will certainly be broken, if you sign assemblies separately then the reference is not corrected (since there is no knowledge of the referencing assembly).

Your second scenario is the correct way to re-sign so that all assemblies can be checked and new references created for each one.

Could you provide more detail on the runtime compile exception, a stack trace or a specific error message? If the assemblies you are signing are public, can you divulge what they are so that I can test them myself?

<!-- gh-comment-id:68932244 --> @brutaldev commented on GitHub (Jan 6, 2015): In your first scenario the reference will certainly be broken, if you sign assemblies separately then the reference is not corrected (since there is no knowledge of the referencing assembly). Your second scenario is the correct way to re-sign so that all assemblies can be checked and new references created for each one. Could you provide more detail on the runtime compile exception, a stack trace or a specific error message? If the assemblies you are signing are public, can you divulge what they are so that I can test them myself?
kerem commented 2026-02-25 21:30:27 +03:00
Author
Owner
Copy link

@danjohnso commented on GitHub (Jan 6, 2015):

The assemblies are private so I can't share them. I looked closer at the output and I guess the dependency is actually Assembly A and Assembly B both depend on Assembly C. Assembly C passes verification, Assembly A and B do not:
C:\SNK>sn -v AssemblyA.dll

Microsoft (R) .NET Framework Strong Name Utility Version 4.0.30319.17929
Copyright (c) Microsoft Corporation. All rights reserved.

Failed to verify assembly -- Strong name validation failed.

The runtime exception is basically just that the assemblies are not signed correctly:

FileLoadException: Could not load file or assembly 'AssemblyA.dll' or one of its dependencies. Strong name signature could not be verified. The assembly may have been tampered with, or it was delay signed but not fully signed with the correct private key. (Exception from HRESULT: 0x80131045)]

No errors in the output log either, I passed an input/ouput directory and my own key + password as params (also tried without my own key + password, same result):

Strong-name signing C:\AssemblyA.dll...
C:\AssemblyA.dll was strong-name signed successfully!

Strong-name signing C:\AssemblyC.dll...
C:\AssemblyC.dll was strong-name signed successfully!

Strong-name signing C:\AssemblyB.dll...
C:\AssemblyB.dll was strong-name signed successfully!

Fixing references to 'C:\AssemblyC.dll' in 'C:\AssemblyA.dll'...
References were fixed successfully!

Fixing references to 'C:\AssemblyB.dll' in 'C:\AssemblyA.dll'...
Nothing to fix...

Fixing references to 'C:\AssemblyA.dll' in 'C:\AssemblyC.dll'...
Nothing to fix...

Fixing references to 'C:\AssemblyB.dll' in 'C:\AssemblyC.dll'...
Nothing to fix...

Fixing references to 'C:\AssemblyA.dll' in 'C:\AssemblyB.dll'...
Nothing to fix...

Fixing references to 'C:\AssemblyC.dll' in 'C:\AssemblyB.dll'...
References were fixed successfully!

3 file(s) were strong-name signed.
2 references(s) were fixed.

<!-- gh-comment-id:68934259 --> @danjohnso commented on GitHub (Jan 6, 2015): The assemblies are private so I can't share them. I looked closer at the output and I guess the dependency is actually Assembly A and Assembly B both depend on Assembly C. Assembly C passes verification, Assembly A and B do not: C:\SNK>sn -v AssemblyA.dll Microsoft (R) .NET Framework Strong Name Utility Version 4.0.30319.17929 Copyright (c) Microsoft Corporation. All rights reserved. Failed to verify assembly -- Strong name validation failed. The runtime exception is basically just that the assemblies are not signed correctly: FileLoadException: Could not load file or assembly 'AssemblyA.dll' or one of its dependencies. Strong name signature could not be verified. The assembly may have been tampered with, or it was delay signed but not fully signed with the correct private key. (Exception from HRESULT: 0x80131045)] No errors in the output log either, I passed an input/ouput directory and my own key + password as params (also tried without my own key + password, same result): Strong-name signing C:\AssemblyA.dll... C:\AssemblyA.dll was strong-name signed successfully! Strong-name signing C:\AssemblyC.dll... C:\AssemblyC.dll was strong-name signed successfully! Strong-name signing C:\AssemblyB.dll... C:\AssemblyB.dll was strong-name signed successfully! Fixing references to 'C:\AssemblyC.dll' in 'C:\AssemblyA.dll'... References were fixed successfully! Fixing references to 'C:\AssemblyB.dll' in 'C:\AssemblyA.dll'... Nothing to fix... Fixing references to 'C:\AssemblyA.dll' in 'C:\AssemblyC.dll'... Nothing to fix... Fixing references to 'C:\AssemblyB.dll' in 'C:\AssemblyC.dll'... Nothing to fix... Fixing references to 'C:\AssemblyA.dll' in 'C:\AssemblyB.dll'... Nothing to fix... Fixing references to 'C:\AssemblyC.dll' in 'C:\AssemblyB.dll'... References were fixed successfully! 3 file(s) were strong-name signed. 2 references(s) were fixed.
kerem commented 2026-02-25 21:30:27 +03:00
Author
Owner
Copy link

@brutaldev commented on GitHub (Jan 6, 2015):

Might be the same issue that @Bringer128 is having in Issue #8.

It's late here so I'll take a look in the morning to see if there might be a problem with reference correction invalidating the strong-name key again.

<!-- gh-comment-id:68937139 --> @brutaldev commented on GitHub (Jan 6, 2015): Might be the same issue that @Bringer128 is having in Issue #8. It's late here so I'll take a look in the morning to see if there might be a problem with reference correction invalidating the strong-name key again.
kerem commented 2026-02-25 21:30:27 +03:00
Author
Owner
Copy link

@danjohnso commented on GitHub (Jan 6, 2015):

Thanks for looking. I was looking around for other options and came across this nuget package that has a set of powershell scripts that successfully sign the dlls: https://www.nuget.org/packages/Nivot.StrongNaming/

<!-- gh-comment-id:68937625 --> @danjohnso commented on GitHub (Jan 6, 2015): Thanks for looking. I was looking around for other options and came across this nuget package that has a set of powershell scripts that successfully sign the dlls: https://www.nuget.org/packages/Nivot.StrongNaming/
kerem commented 2026-02-25 21:30:27 +03:00
Author
Owner
Copy link

@Bringer128 commented on GitHub (Jan 7, 2015):

I created a pull request that I think fixes this issue (it fixes it on my assemblies).

<!-- gh-comment-id:68957940 --> @Bringer128 commented on GitHub (Jan 7, 2015): I created a pull request that I think fixes this issue (it fixes it on my assemblies).
kerem commented 2026-02-25 21:30:27 +03:00
Author
Owner
Copy link

@brutaldev commented on GitHub (Jan 7, 2015):

Fixed by @Bringer128 in pull request #10.

Download the latest release (including isntaller) here: https://github.com/brutaldev/StrongNameSigner/releases/tag/1.4.3

<!-- gh-comment-id:68983817 --> @brutaldev commented on GitHub (Jan 7, 2015): Fixed by @Bringer128 in pull request #10. Download the latest release (including isntaller) here: https://github.com/brutaldev/StrongNameSigner/releases/tag/1.4.3
kerem commented 2026-02-25 21:30:27 +03:00
Author
Owner
Copy link

@danjohnso commented on GitHub (Jan 7, 2015):

Yup, that fixes it , thanks!

<!-- gh-comment-id:69043612 --> @danjohnso commented on GitHub (Jan 7, 2015): Yup, that fixes it , thanks!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v3.6.5
v3.6.4
v3.6.3
v3.6.2
v3.6.1
v3.6.0
v3.5.1
v3.5.0
v3.4.0
v3.3.3
v3.3.2
v3.3.1
v3.3.0
v3.2.1
v3.2.0
v3.1.1
v3.1.0
v2.9.1
v2.9.0
2.7.1
2.7.0
2.6.0
2.4.0
v2.3.0
v2.2.0
v2.1.4
v2.1.3
v2.1.2
v2.1.0
v2.0.0
v1.8.0
v1.7.0
v1.6.1
v1.5.1-2
v1.5.0
v1.5.1
v1.4.9
v1.4.8
v1.4.7
v1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4
v1.3.0.0
1.2
Labels
Clear labels   
bug

   
duplicate

   
duplicate

   
enhancement

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
wontfix
No labels
bug
duplicate
duplicate
enhancement
invalid
pull-request
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/StrongNameSigner#9
No description provided.