|Dotfuscator > Understanding Protection with Dotfuscator > Advanced Topics > Dotfuscating Strong Named Assemblies|
Strong named assemblies are digitally signed. This allows the runtime to determine if an assembly has been altered after signing. The signature is an SHA1 hash signed with the private key of an RSA public/private key pair. Both the signature and the public key are embedded in the assembly’s metadata.
Since Dotfuscator modifies the assembly, it is essential that signing occur after running the assembly through Dotfuscator.
Dotfuscator handles this step as part of the obfuscation process.
Dotfuscator automatically re-signs strongly named assemblies after obfuscation, eliminating the need for manual steps after obfuscation. Dotfuscator both re-signs your already signed assemblies, and completes the signing process on delay signed assemblies.
As part of the build process, Dotfuscator re-signs assemblies that are already strongly named. You can tell Dotfuscator explicitly where to find the public/private key pair, or you can rely on a location specified by custom attributes on the input assembly (e.g. System.Reflection.AssemblyKeyFileAttribute).
The following example shows an XML configuration file fragment that sets up resigning with an explicit key file. Any key file specified via custom attribute is not used.
|Re-signing with Explicit Key File||
<signing> <resign> <option>dontuseattributes</option> <key> <file dir="c:\temp" name="key.snk" /> </key> </resign> ... </signing>
If an input assembly is delay signed, Dotfuscator can finish the signing process. Tell Dotfuscator where to locate the private key required to complete the signing.
The following example shows an XML configuration file fragment that sets up delay signing with an explicit key file.
<signing> ... <delaysign> <key> <file dir="c:\temp" name="key.snk" /> </key> </delaysign> </signing>