SN is a utility that helps create assemblies with shared names (also known as strong names). SN provides options for key management, signature generation and signature verification. Shared names are designed to satisfy the following requirements:
sn [-q(uiet)][options]
Option | Description |
---|---|
-c [csp] | Sets the default CSP that will be used for shared name signing. This setting applies to the entire machine. If no CSP name is provided, the current setting is cleared. |
-d container | Deletes the key container named container from the shared name CSP. |
-D assembly1 assembly2 | Verifies that two assemblies differ only by signature. This is often used as a sanity check after an assembly has been resigned with a different key-pair. |
-e assembly outfile | Extracts the public key from assembly and stores it in outfile. |
-i infile container | Installs the key pair given in infile in the key container named container. The key container resides in the shared name CSP. |
-k outfile | Generates a new key pair and writes it to the file given by outfile. |
-m [y|n] | Used to specify whether key containers are machine wide, or per-user. If y is specified, key containers are machine wide. If n is specified, key containers are per-user.
If neither y or n are specified, this option displays the current setting. |
-o infile [outfile] | Extracts the public key from the infile and stores it in a .csv file. Each byte of the public key is separated by a comma. This format is useful for hard coding references to keys as initialized arrays in source code. Places output on the clipboard if outfile is not supplied. |
-p infile outfile | Extracts the public key from the key pair in infile and stores it in outfile. This public key can be used to set the originator using the /keyfile option on the AL utility. This is useful for the scenario where the assembly is signed with a different key pair than the one stored as the originator. This scenario is important during development when the author of the assembly doesn't have access to the private key that will be used for the final signing. |
-R[c] [infile] | Allows SN to re-sign a previously signed assembly with a new key pair (provided in a file). The -Rc option allows the key pair to be read from a named key container instead. These options are useful in scenarios where assemblies that have shared names are signed with a test key pair, but re-signed with the correct, shared key pair just prior to shipping. |
-t[p] infile | Displays the public key token for the public key stored in infile. The contents of infile were previously generated using -p.
The token is computed using a hash function from the public key. Public key tokens are stored as part of the AssemblyRef in the manifest when recording a dependency to a sharedly named assembly. -t displays the token instead of the full public key to save space. -tp causes the public key to be displayed in addition to the token. |
-T[p] assembly | Displays the public key token for assembly, which is the name of a file containing an assembly manifest.
The token is computed using a hash function from the public key. Public key tokens are stored as part of the AssemblyRef in the manifest when recording a dependency to an assembly that has a shared name. -T displays the token instead of the full public key to save space. -Tp causes the public key to be displayed in addition to the token. |
-v assembly | Verifies the shared name in assembly. assembly is the name of a file containing an assembly manifest. |
-vf assembly | Verifies the shared name in assembly, as in the -v option; verification is forced, even if disable by registry. |
-Vl | List current settings for shared name verification on this machine. |
-Vr assembly [userlist] [infile] | Register assembly for verification skipping (with an optional comma separated list of usernames). If infile is provided, verification remains enabled, but the public key in infile is used in verification operations. Both assembly and userlist can be specified as * to indicate all assemblies and all users respectively. |
-Vu assembly | Unregister assembly for verification skipping. |
-Vx | Remove all verification skipping entries. |
/? | Displays command-line help. |
Sn -k mykey.snk
Creates a new, random key pair and stores it in mykey.snk
Sn - I mykey.snk mycontainer
Stores the key contained in mykey.snk in the container mycontainer in the shared name CSP.
Sn -v myasm.dll
Verifies the assembly myasm.dll
Sn -V n
Toggles verification off. Calls to SharedNameSignatureVerification will always pass.
Sn -d mycontainer
Delete mycontainer from the default CSP