Delayed Signing
It is important that companies carefully guard the private key of their official public/private
key pair. Otherwise, if untrustworthy people were to obtain it, they could publish code
masquerading as the company's code. To avoid this, companies clearly cannot allow free access to
the file containing their public/private key pair. In large companies, the final strong naming of
an assembly is often performed at the very end of the development process, by a special group
with access to the key pair.
This can cause problems, though, in the development and testing processes, for several
reasons. First, since the public key is one of the four components of an assembly's identity, the
identity can't be set until the public key is supplied. Also, a weakly named assembly cannot be deployed
to the GAC. Both the developers and testers need to be able to compile and test the code in the
way it will be deployed on release, including its identity and location in the GAC.
To allow for this, there is a modified form of assigning a strong name, called delayed
signing, or partial signing, that overcomes these problems, but without releasing access to the
private key.
In delayed signing, the compiler uses only the public key of the public/private key pair.
The public key can then be placed in the manifest to complete the assembly's identity. Delayed
signing also uses a block of zeros to reserve space for the digital signature.
To create a delay-signed assembly, you must do two things. First, create a copy of the key
file that has only the public key, rather than the public/private key pair. Next, add an additional
attribute called DelaySignAttribute to the assembly scope of the source code and set its value
to true.
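A release-gate check for the zero-filled signature placeholder described above, as an added example that is not from the original text: it reads the StrongNameSignature entry of the CLR header in a compiled assembly and reports whether the reserved block is still all zeros. The function names and the sample image are constructed for illustration, and the header offsets follow the standard PE/CLI file layout rather than anything stated on this page.

```python
import struct

def strong_name_state(image: bytes) -> str:
    """Classify a managed PE image as 'unsigned', 'delay-signed' or 'signed'."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]           # offset of the PE header
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
    opt = pe + 24                                           # optional header start
    magic = struct.unpack_from("<H", image, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)            # PE32 vs PE32+
    sections = [struct.unpack_from("<8xIIII", image, opt + opt_size + 40 * i)
                for i in range(nsec)]                       # (vsize, vaddr, rawsize, rawptr)

    def offset(rva):
        for vsize, vaddr, rawsize, rawptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rva - vaddr + rawptr
        raise ValueError("RVA outside all sections")

    clr_rva = struct.unpack_from("<I", image, dirs + 14 * 8)[0]  # data directory 14: CLR header
    if clr_rva == 0:
        raise ValueError("not a managed assembly")
    sn_rva, sn_size = struct.unpack_from("<II", image, offset(clr_rva) + 32)
    if sn_rva == 0 or sn_size == 0:
        return "unsigned"                                   # no signature space reserved
    start = offset(sn_rva)
    sig = image[start:start + sn_size]
    return "signed" if any(sig) else "delay-signed"         # all zeros = reserved placeholder

def build_sample(sig: bytes) -> bytes:
    """Constructed minimal PE32 image: one section holding a CLR header and signature."""
    img = bytearray(0x600)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xH", img, 0x84, 0x14C, 1, 0xE0)  # machine, sections, opt size
    struct.pack_into("<H", img, 0x98, 0x10B)                # PE32 magic
    struct.pack_into("<II", img, 0x168, 0x2000, 72)         # CLR header directory entry
    struct.pack_into("<8sIIII", img, 0x178, b".text", 0x200, 0x2000, 0x200, 0x400)
    struct.pack_into("<I", img, 0x400, 72)                  # CLR header size field
    if sig:
        struct.pack_into("<II", img, 0x420, 0x2080, len(sig))
        img[0x480:0x480 + len(sig)] = sig
    return bytes(img)

if __name__ == "__main__":
    for sig in (b"", bytes(128), b"\x5a" * 128):            # constructed signature blocks
        print(strong_name_state(build_sample(sig)))
```

Run against build output, a result of delay-signed on an artifact headed for release means the final signing step by the key-holding group has not happened yet.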