23

found these helpful links curtosy of SO.

http://buffered.io/posts/net-fu-signing-an-unsigned-assembly-without-delay-signing/

How to fix "Referenced assembly does not have a strong name" error?

I follow the process. It seems easy enough to do. Just wondering if there's a point-and-click automated tool that will do this for me -- particularly for the case where unsigned 3rd party A.dll references unsigned B.dll which references unsigned C.dll.

Community
  • 1
  • 1
sgtz
  • 8,849
  • 9
  • 51
  • 91
  • Note that you should eventually consider signing it. Delay signing is just supposed to be that. Delaying the signing procedure while it's under development. You shouldn't really deploy delay signed assemblies without signing them. – Mehrdad Afshari Nov 02 '11 at 08:20
  • This is supported by the IDE, Project + Properties, Signing tab. That's as point-and-click as it gets. Doing it after building isn't very useful or productive. – Hans Passant Nov 02 '11 at 11:01
  • 1
    @Hans Passant: this question is geared towards assemblies that you don't have control over. – sgtz Nov 02 '11 at 11:42
  • 2
    Altering an assembly you don't control is a rabbit hole. Third parties shipping unsigned assemblies is criminal, especially given how easy it is to sign them. Exercise your support options, ask them to sign them. – Hans Passant Nov 02 '11 at 11:53

1 Answers1

43

You can sign the assemblies yourself so that you are able to reference them in a project that is also signed if you are unable to get the author to strong sign them for you.

Do this by disassemble the assembly into IL and then reassemble it with your own strong name key file.

Open a Visual Studio command prompt and browse to the directory containing your unsigned assembly. Run the following commands from the command prompt.

ildasm.exe /all /typelist /out=My.Unsigned.Assemby.il My.Unsigned.Assemby.dll

This will create an IL version of the assembly called My.Unsigned.Assemby.il

Next you will need to reassemble this without modification using your strong name key.

ilasm.exe /dll /optimize /key=MyKeyFile.snk My.Unsigned.Assemby.il

You will now end up with the same assembly, just a signed version of it. You can read more about strong name key generation but I assume you already know how to do this based on the question.

UPDATE: I have written an app to do this automatically from a UI, the command-line or programmatically through an API. It handles all the edge cases as well like assembling back to the right version with the correct flags. You can read more about it and download the tool here: http://brutaldev.com/post/2013/10/18/NET-Assembly-Strong-Name-Signer

BrutalDev
  • 6,181
  • 6
  • 58
  • 72
  • 1
    You saved me! The open source project I wanted to incorporate into my project wasn't signed, but was too complex for be to simply rebuild as signed. Your tool was a life saver! – Nathan A Sep 24 '15 at 18:32
  • 1
    Any idea how this could be done if the assembly to be signed depends itself on another unsigned assembly, both of which must be referenced in the main project? If i simply sign both assemblies separately using this method, it seems that the first assembly doesn't recognize the second one at build time anymore, i get a "you must add a reference..." error even if i reference the 2 newly signed assemblies. – Gabriel S. Dec 10 '15 at 13:55
  • 1
    @GabrielS. You need to sign them at the same time, that way each assembly will check if they reference any of the newly signed ones and update the reference to use the strong-name reference. InternalsVisibleTo will also be updated if necessary. It's all in the manual: https://github.com/brutaldev/StrongNameSigner#dealing-with-dependencies – BrutalDev Dec 10 '15 at 16:17
  • It seems that approach with disassembling and signing won't work if dll has self tests for it's own hash (for example bc-fips dlls). In this case those self tests will fail after signing because dll's hash changed – Eugen Oct 16 '22 at 21:51