What is strong naming and how do I strong name a binary?

Question

I heard somewhere that I need to strong name my binaries before I distribute them. Any ideas what this is?

score 21 · Accepted Answer · edited Jun 25 '22 at 09:31

21

Eric Lippert posted about strong signing assemblies:

The purpose of a strong name is solely to ensure that when you load an assembly by name, you are loading exactly the assembly you think you are loading. You say "I want to load Frobber, version 4, that came from FooCorp". The strong name gear ensures that you actually load precisely that DLL, and not another assembly called Frobber, version 4, that came from Dr. Evil Enterprises. You can then set security policy which says "if I have an assembly from FooCorp on my machine, fully trust it." These scenarios are the only by-design purposes of strong names.

edited Jun 25 '22 at 09:31

Wai Ha Lee

8,598
83
57
92

answered Sep 17 '09 at 05:42

Timothy Carter

15,459
7
44
62

6

Consider providing a relevant snipped from this post, in case the link breaks. – JYelton Jun 01 '11 at 17:40
2

Hmm, poor answer: that doesn't answer the second part of the question ("how do I strong name a binary"). – Mark Whitaker Sep 13 '11 at 09:40

jdehaan · Answer 2 · 2009-09-17T10:13:05.067

3

In short strong named assemblies are signed with a certificate. They play a role for the CAS (Code Access Security): what the assembly has the right to do or not to do.

[Edit] as some of you pointed out: it is really advised to create strong assemblies as they will be more robust against attacks like introducing foreign malicious code into your application if you wrote some plug-in mechanism for example.

This way you can limit what the 3rdparty plug-ins are allowed to do in the context of your application.

edited Sep 17 '09 at 10:13

answered Sep 17 '09 at 05:49

jdehaan

19,700
6
57
97

There's a lot more : What about the GAC ? What about "assembly spoofing" ? etc... – Cédric Rup Sep 17 '09 at 06:02
4

Strong-named assemblies are NOT signed with a certificate. Strong-named assemblies are signed with a strong-name key. Certificate-signed assemblies are signed with a certificate. If you do not understand the difference, see my article linked above. – Eric Lippert Sep 17 '09 at 16:39
If I have an application that consists of a normal executable and a DLL which it calls, do I just strong name the DLL, or do I strong name both the exe and the DLL? – Dan W Dec 02 '15 at 06:51

score 3 · Answer 3 · answered Jul 04 '14 at 15:42

To answer the second part of the question: How to: Sign an Assembly with a Strong Name

To create and sign an assembly with a strong name by using Visual Studio

In Solution Explorer, open the shortcut menu for the solution, and then choose Properties.

Choose the Signing tab.

Select the Sign the assembly box.

In the Choose a strong name key file box, choose , and then navigate to the key file. To create a new key file, choose and enter its name in the Create Strong Name Key dialog box.

si618 · Answer 4 · 2016-07-29T01:16:30.107

2

I found this MSDN magazine article useful when learning about strong naming assemblies.

edited Jul 29 '16 at 01:16

answered Sep 17 '09 at 05:48

si618

16,580
12
67
84

The link is broken; it takes you to a list of issues. – Chris R. Donnelly Jul 28 '16 at 16:23
1

Thanks Chris. I think I've found a live link via the wayback archive. – si618 Jul 29 '16 at 01:18

score 1 · Answer 5 · answered Sep 17 '09 at 05:42

1

If you're talking about .NET assemblies, here are the docs.

answered Sep 17 '09 at 05:42

Alex Martelli

854,459
170
1,222
1,395

What is strong naming and how do I strong name a binary?

5 Answers5

To create and sign an assembly with a strong name by using Visual Studio

Linked

Related