[RESOLVED] Strong naming an assembly for VB

[Reapism]

I have gotten quite far in strong naming my assembly but still yet to include it somehow within the source code.
All of the tutorials out there are for C# which should plausibly be the same, however, I am not finding a file in my
source code where I can insert the .snk file.

What I did so far.

I opened up Visual studio dev cmd [ADMIN]

Code:

sn -k rsgkey.snk
// Generates a key pair for the strong name key file you just created

Code:

sn -p rsgkey.snk public.snk
// Public key written to public.snk (creates new public key file)

Code:

sn -tp public.snk
// Gets the public key and token

I executed all these commands and they were all successful, the point I am at now is that there is a file
in C# projects called the
AssemblyInfo.cs
// a class file to store information about the assembly.

My question is if there is an equivalent file, and what are the later steps. The msdn doesn't talk about it.

LINKS:
https://docs.microsoft.com/en-us/dot...med-assemblies
https://docs.microsoft.com/en-us/dot...-a-strong-name
https://docs.microsoft.com/en-us/dot...ivate-key-pair


I am doing this so my EXECUTABLE file isn't popping up saying unknown publisher and appears like a virus because
its not signed with a reputable digital signature provider like verisign.

[jmcilhinney]

Click the 'Show All Files' button at the top of the Solution Explorer. You will now be able to see a number of files that VB projects hide from you by default that are always visible in a C# project, which includes AssemblyInfo.vb.

[Reapism]

Thank you JMC you're the man, now one more thing. If I continue strong naming the assembly like so, will this prevent a browser downloading it from saying the file is potentially harmful because its from an unknown publisher (not signed), is that browser dependent or signing the application will make it from a known publisher (me) because the public and private keypair unique to me

[PlausiblyDamp]

Thank you JMC you're the man, now one more thing. If I continue strong naming the assembly like so, will this prevent a browser downloading it from saying the file is potentially harmful because its from an unknown publisher (not signed), is that browser dependent or signing the application will make it from a known publisher (me) because the public and private keypair unique to me

A strong name is more to prevent tampering with a compiled assembly and proving multiple versions of an assembly are all from the same publisher, they won't prevent a browser(or windows itself) saying it is potentially harmful. To do that you would need to do a different type of code signing IIRC https://docs.microsoft.com/en-us/win...l/authenticode is the thing you need to be looking at.

[David Anton]

Here's a good comparison of strong naming vs digital signing:
https://blogs.msdn.microsoft.com/eri...strong-naming/

Strong naming an assembly is quite limited in it's goal - digital signing is far more useful.

[Reapism]

I was thinking I will use strong naming the assembly as opposed to digital signing because of the cost. But taking a look further into your very insightful articles, strong naming is not a replacement which I suspected.

Is there a way I can digitally sign my application without paying let's say veri-sign? Or the reason for that is that their reputation is based solely on the identification of the software you use so its like a guarantee as opposed to me creating a certificate and using mine. This new certificate represents me fully but is still questionable because I don't have any backing?

My project is ready for release and when users download it they literally go through 3 stages of warnings from windows saying the software could potentially be dangerous because its not from an known publisher. It is freeware and I don't see a solution to this problem that's free.