2

I got a trusted cert from Comodo CA and having a hard time getting it to work with the InternalsVisibleTo Attribute. I'm getting a warning that the assembly is invalid and can't be resolved. I retrieved the public Key with X509Certificate.GetPublicKeyString() and put that into the assemblyinfo.

[assembly:System.Runtime.CompilerServices.InternalsVisibleTo("Assemblyname,PublicKey=MyPublicKey"]

We had used an untrusted cert so far and it works fine with it. What I noticed is that the PublicKey of the trusted cert (.pfx) is 540 characters long and our untrusted (.snk) is just 320.

Where is my error?

Additionally I can't use the projectsettings to pick my .pfx to sign it. Postbuild works. when using the projectsettings it tells me that it cant find the cert and the private key.

JayTee
  • 1,114
  • 2
  • 11
  • 18

1 Answers1

2

It's hard to tell what is the problem without trying to do the same myself. Maybe the format of public key returned by X509Certificate.GetPublicKeyString() is not the format InternalsVisibleTo expects. However, you can use sn (Strong Name Tool), which was designed just to work with strong name keys.

It's located at C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin (number of SDK\ system drive etc may vary, but you get the idea).

First export public key using this command (will ask for password if pfx is password-protected):

sn -p YourComodoCert.pfx YourComodoCert.snk

Then export public key as a string via:

sn -tp YourComodoCert.snk > YourComodoCert_pub.txt

Open YourComodoCert_pub.txt with text editor, there you will found "Public key is" section - copy key from there and use in InternalsVisibleTo.

Evk
  • 98,527
  • 8
  • 141
  • 191
  • thanks I tried it via the sn.exe already, sry that I didn't mention it. Getting that error here: "Failed to convert key to token -- Invalid assembly public key. – JayTee May 04 '16 at 11:06
  • sn -tp - I loaded an assembly that got signed via postbuild with that cert and it tells me that the publickey is 0 byte long. the assembly is definitely signed with that cert, shows a digital siganture in the properties in the filesystem. But it seems that its not signed with a strong name and publickey. doesnt make sense to me. – JayTee May 04 '16 at 11:13
  • And how do you sign with postbuild? Maybe this part is wrong. – Evk May 04 '16 at 11:20
  • Okay, I think I maybe had a missunderstanding. I use the SignTool.exe to sign it in my Postbuild with my trusted cert. But it seems to me, that this is a different signing to the one you can specify in the Projectsettings? I kept the sign process with the old untrusted cert in the Projectsettings now and ran the postbuild that signs with the trusted cert afterwards. I left the old publickey in the InternalsVisibleTo attribute. I got a digtal signature now showing in File->Properties, and the a strong name with public key on that assembly now. – JayTee May 04 '16 at 11:46
  • SignTool.exe is completely different tool - it's for code signing, not related to strong names. You need "sn.exe" tool which I mention in my answer. – Evk May 04 '16 at 12:15
  • Yeah, I figured it finally that code signing and strongname signing are two different things. Thanks a lot! – JayTee May 04 '16 at 12:45