snk 与代码签名证书 [英] snk vs. code signing certificate

问题描述

In my organization we use snk files with strong names assemblies. We generate the snk ourselves.

In addition we use a code signing signature on the binaries. We get the pfx from Verisign.

• What is the difference between these two processes?
• Isn't it a problem that the snk is not recevied from Verisign also?

解决方案

The snk and pfx are used for two different purposes. The snk is used for strong-naming, which uses a key pair to uniquely identify an assembly. The pfx is for code signing, which is a similar process but one that is intended to prevent malicious tampering with assemblies that are distributed publicly. Using both on an assembly both strong-names AND signs it.

It's OK to generate your own SNK file as long as you keep the private key secure. The PFX file you get from Verisign allows you to sign the assembly using a key secured by a third party. This is an additional layer of security that lets users of your assembly know that it has not been tampered with.

这篇关于snk 与代码签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！