Delay Signing Assemblies
Within a development environment, it might not always be feasible or convenient to gain access to the publisher private key to strong name the assemblies being built. This is a consequence of the need to keep the private key secure—if the key is easily available to the development team, it is increasingly difficult to ensure that the key is not compromised or even to detect such a compromise should it occur.
Consequently, many publishers will keep the private key in a secure location, possibly embedded in specially designed cryptographic hardware. Strong name signing assemblies then becomes a heavyweight process because all assembly creation within the publisher is channeled through a single location. With multiple developers ...
Get .NET Framework Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
