Jaa


How to sign a binary that you don't have the sources for?

Hi, it has been a long time since my last post here and that's not because I didn't bump into difficult problems that I wasn't able to solve, but rather due to me being too lazy to write.

So I decided to fix this. Also, the issue that I've found took me a long time to solve and it's a bit obscure so I think it's worth the trouble of a post.

Here's the problem: you are creating a dll that you share with other teams and they expect it to be signed (have a strong name). That's easy enough if you have control over all the dependencies... But what if you are using some dependencies that are not signed?

Here are the steps to sign the dependencies:
1. Get a cert. Here's a simple way generate a random key:
sn -k myKey.snk2. Install this tool (ilmerge): http://www.microsoft.com/downloads/en/details.aspx?FamilyID=22914587-b4ad-4eae-87cf-b14ae6a939b0&displayLang=en
3. Run ilmerge like this:
    ilmerge oldDll.dll /keyfile:mykey.snk /out:newDll.dll4. Verify if this operation worked:
         sn -T newDll.dll``   ......    Public key token is ea744189c88093ee

I hope this helps. In the next blog I'll write about how to reference assemblies which are signed and friends (InternalsVisibleTo).

Thanks,
Ionutz