I'm working on a piece of software in Visual Studio. I created a PKCS#12 archive in Visual Studio to strong name sign my assemblies. I then extracted the public key from the archive using OpenSSL.
I realise that I must remove the PKCS#12 archive from the VS solution before making it publicly available but what do I do with the public key?
Should I bundle it with my solution or make it available for download online where my solution is hosted?
How would a user verify my assemblies with the public key?
If I remove the archive from the solution then Visual Studio will complain because it is still configured to strong name sign the solution. A third party who has obtained the source code will receive such an error when they attempt to compile it with whatever modifications they have made. Should I expect them to plug in their own key or disable it?
