
CHAPTER 14  BUILDING AND CONFIGURING CLASS LIBRARIES

Understanding Strong Names

Before you can deploy an assembly to the GAC, you must assign it a strong name, which is used to uniquely identify the publisher of a given .NET binary. Understand that a “publisher” can be an individual programmer (such as yourself), a department within a given company, or an entire company itself.

In some ways, a strong name is the modern-day .NET equivalent of the COM globally unique identifier (GUID) identification scheme. If you have a COM background, you might recall that AppIDs are GUIDs that identify a particular COM application. Unlike COM GUID values (which are nothing more than 128-bit numbers), strong names are based (in part) on two cryptographically related keys (a public key and a private key), which makes them far harder to duplicate and far more resistant to tampering than a simple GUID.

Formally, a strong name is composed of a set of related data, much of which is specified using the following assembly-level attributes:

• The friendly name of the assembly (which, you recall, is the name of the assembly minus the file extension)
• The version number of the assembly (assigned using the [AssemblyVersion] attribute)
• The public key value (assigned using the [AssemblyKeyFile] attribute)
• An optional culture identity value for localization purposes (assigned using the [AssemblyCulture] attribute)
• An embedded digital signature, created using a hash of the assembly’s contents and the private key value

To provide a strong name for an assembly, your first step is to generate public/private key data using the .NET Framework 4.5 sn.exe utility (which you’ll do in a moment). The sn.exe utility generates a file (typically ending with the *.snk [Strong Name Key] file extension) that contains data for two distinct but mathematically related keys, the public key and the private key.
Once the C# compiler is made aware of the location of your *.snk file, it will record the full public key value in the assembly manifest using the .publickey token at the time of compilation. The C# compiler will also generate a hash code based on the contents of the entire assembly (CIL code, metadata, and so forth). As you recall from Chapter 6, a hash code is a numerical value that is statistically unique for a fixed input. Thus, if you modify any aspect of a .NET assembly (even a single character in a string literal) the compiler yields a different hash code. This hash code is combined with the private key data within the *.snk file to yield a digital signature embedded within the assembly’s CLR header data. The process of strongly naming an assembly is illustrated in Figure 14-15.
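
The hash-then-sign flow described above can be modeled in a few lines of C#. This is an added illustration, not code from the book: it shows that verification needs only the public key and that a one-character change to the signed contents invalidates the signature. It assumes .NET 5 or later, uses a freshly generated RSA key pair as a stand-in for the *.snk file and SHA-256 as the hash, and does not reproduce the real *.snk format or the CLR header layout; the type and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Conceptual model only: real strong-name signing operates on the PE file
// and stores the signature in the CLR header, which is not reproduced here.
static class StrongNameModel
{
    // Publisher side: hash the contents and sign the hash with the private key.
    static byte[] Sign(byte[] contents, RSA keyPair) =>
        keyPair.SignData(contents, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // Consumer side: only the public key (as recorded in the manifest) is needed.
    static bool Verify(byte[] contents, byte[] signature, RSAParameters publicKey)
    {
        using RSA rsa = RSA.Create();
        rsa.ImportParameters(publicKey);
        return rsa.VerifyData(contents, signature,
                              HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static string Hash(byte[] contents) =>
        Convert.ToHexString(SHA256.HashData(contents));

    static void Main()
    {
        // Constructed stand-ins for "CIL code + metadata"; the second copy
        // differs by a single character inside the string literal.
        byte[] original = Encoding.UTF8.GetBytes("ldstr \"Hello\"; call WriteLine; ret");
        byte[] tampered = Encoding.UTF8.GetBytes("ldstr \"Hellp\"; call WriteLine; ret");

        using RSA keyPair = RSA.Create(2048);                        // plays the role of the *.snk key pair
        RSAParameters publicOnly = keyPair.ExportParameters(false);  // public half only
        byte[] signature = Sign(original, keyPair);

        Console.WriteLine($"hash(original) = {Hash(original)}");
        Console.WriteLine($"hash(tampered) = {Hash(tampered)}");
        Console.WriteLine($"original verifies with publisher key: {Verify(original, signature, publicOnly)}");
        Console.WriteLine($"tampered verifies with publisher key: {Verify(tampered, signature, publicOnly)}");

        // A key pair belonging to someone else cannot validate the publisher's signature.
        using RSA otherPublisher = RSA.Create(2048);
        bool crossCheck = Verify(original, signature, otherPublisher.ExportParameters(false));
        Console.WriteLine($"original verifies with another key:   {crossCheck}");
    }
}
```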