"Joe Monnin" <(E-Mail Removed)> wrote in message
news:5436EBC4-70BA-413E-9266-(E-Mail Removed)...
> I'm very puzzled about the code signing system in place in Visual Studio. I
> can sign ClickOnce deployments with a certificate from the certificate store.
> Why can I not do the same thing when signing an assembly? For that, I need
> to have a .pfx or .snk file. My company does not want to give the Verisign
> certificate password to the development team, and rightly so since they could
> then take that .pfx home and start signing any sort of trash they wanted with
> the company certificate. So instead, they have installed the certificate
> with the private key in the certificate store and disabled the ability to
> export the private key. The only way to sign code is then to use
> signtool.exe. Code signing in Visual Studio is not possible. Why aren't the
> code signing mechanisms for ClickOnce and assemblies the same? It seems like
> I must be missing something here, but I can't imagine what it could be.
I have the same questions. It doesn't make sense to me. Further, I don't
think you can digitally sign an assembly in Visual Studio, not even in 2010.
The assembly signing is for a strong name, not a public code signing
certificate. Still, you don't want to be handing out your strong name key
either.
I have found that you can strong name sign with a key from the certificate
store by editing your *.csproj file and adding:
<KeyContainerName>YourKeyName</KeyContainerName>
Add this right after the <AssemblyName>. <SignAssembly> should be left as
false.
You still have to use signtool.exe (or Set-AuthenticodeSignature) to sign
the assembly with your Verisign certificate.
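An added example, not part of either post in this thread, showing the signtool.exe / Set-AuthenticodeSignature route the reply describes: the Authenticode signature is produced with a code-signing certificate whose private key stays non-exportable in the Windows certificate store, and the result is verified afterwards. The assembly path, the certificate thumbprint and the timestamp URL are placeholders to replace with your own.

```powershell
# Added example (not from the thread): Authenticode-sign an assembly with a
# certificate held in the certificate store, then verify the signature.
# Path, thumbprint and timestamp URL below are assumed placeholders.
param(
    [string]$AssemblyPath = 'C:\build\MyCompany.Product.dll',  # assumed path
    [string]$Thumbprint   = 'REPLACE_WITH_CERT_THUMBPRINT',     # assumed value
    [string]$TimestampUrl = 'http://timestamp.example.com'     # assumed placeholder
)

# Select the certificate by thumbprint. -CodeSigningCert keeps only
# certificates carrying the Code Signing EKU. The private key is used in
# place; nothing is exported to a .pfx, so developers never hold the key.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    throw "No code-signing certificate with thumbprint $Thumbprint in Cert:\CurrentUser\My"
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no usable private key in this store"
}

# Sign and timestamp. The timestamp lets the signature stay valid after the
# certificate itself expires.
$sig = Set-AuthenticodeSignature -FilePath $AssemblyPath -Certificate $cert `
    -HashAlgorithm SHA256 -TimestampServer $TimestampUrl
if ($sig.Status -ne 'Valid') {
    throw "Signing failed: $($sig.StatusMessage)"
}

# Independent check, e.g. as a post-build step in CI: re-read the signature
# from the file rather than trusting the object returned by the signing call.
$check = Get-AuthenticodeSignature -FilePath $AssemblyPath
[pscustomobject]@{
    File       = $AssemblyPath
    Status     = $check.Status
    Signer     = $check.SignerCertificate.Subject
    Thumbprint = $check.SignerCertificate.Thumbprint
}

# Equivalent signtool.exe invocation using the same store-resident key,
# selected by thumbprint instead of a .pfx file:
#   signtool.exe sign /sha1 $Thumbprint /fd SHA256 /tr $TimestampUrl /td SHA256 $AssemblyPath
```

Run it under the account whose store holds the certificate (use Cert:\LocalMachine\My for a machine-wide install, which also lets you grant the private key only to a build service account). A `Status` other than `Valid` from the verification step is the signal to fail the build.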