You are distributing an assembly, but you want to ensure that nobody can tamper with the internals of that assembly. This tampering could result in its use to gather sensitive information from a user or to act as a back-door mechanism to attack a network. Additionally, you do not want other malicious assemblies to be created that look like yours but operate in malevolent ways (e.g., stealing passwords, reformatting a disk drive). In effect, this malevolent assembly is created to spoof your benevolent assembly.
This can be averted to a certain degree by using a strong name for your assembly. A strong named assembly has a digital signature that is generated from a public/private key pair. The public key is the part of the pair that provides something well known that your assembly can use to identify as being from you. The private key is the part of the pair that you keep secret and that ensures that people can trust that the assembly came from you and hasn’t been tampered with.
In order to generate a key pair, you can use the SN.EXE from the Framework SDK:
SN -k MyKeys.snk
This line creates your key pair in a file called
MyKeys.snk. Since this file contains both your public and private keys, you need to guard this file carefully; generate it only on a machine that’s locked down enough to be consider highly trusted. Never make copies of this key, and store it only on a highly trusted machine or on media that ...