Delay signing

During the development process you  need strong keys name  to be exposed to the developer which is not a good practice from security aspect .In such situations you can assign the key later on and during development you use delay signing.

Following is the process to delay sign an assembly:

(1) First obtain string name keys using SN.EXE.

(2) Annotate the source code for  assembly with 2 custom attributes of System.Reflection: AssemblyKeyFileAttribute, that passes the name of the file having  public key as a parameter to its constructor. AssemblyDelaySignAttribute, which indicates that the delay signing, is being used by passing true as the  parameter to its constructor.

[C#]

           [assembly:AssemblyKeyFileAttribute("myKey.snk")]
           [assembly:AssemblyDelaySignAttribute(true)]

The compiler inserts the public key into assembly manifest and reserves space it in the PE file for the full strong name signature. The real public key should be stored while the assembly is built so that the other assemblies that reference this assembly can also obtain the key to store in their own assembly reference.

(3) Since the assembly does not have a valid strong name signature, the verification of that signature should  be turned off. You can do this by using -Vr option with the Strong Name tool.The example following  turns off verification for an assembly called myAssembly.dll.

Sn -Vr myAssembly.dll

(4) Just before shipping, you must submit the assembly to your organization's signing authority for the actual strong name signing using the -R option with the Strong Name tool. The following example signs an assembly known as myAssembly.dll with a strong name using sgKey.snk key pair.

Sn -R myAssembly.dll sgKey.snk