NGWS SDK Documentation  

This is preliminary documentation and subject to change.

Key Management during Development

The process described above for generating shared names assumes that the developer has access to the key pair that will be used to generate the shared name. This is not always the case. In many situations, an organization will have a closely guarded key pair and will not be willing to let developers have copies of it for daily use. Of course, the public key will be available, but the private key is often kept in safekeeping, and only a few select people have access to it.

A similar problem exists for Authenticode signing, but in that case the entire signing process can be done after everything is built and right before shipment. This is not the case with shared name signing – each assembly reference contains the (token of the) public key used to give the target assembly a shared name. This requires that at least the public key be available during the development process.

There are numerous solutions to this problem, two of which are described below. Internally at Microsoft, we use “Deferred Signing”.