Within my Visual Studio solution I have a web site and 4-5 class library projects which are referenced., some of which reference external third party assemblies as well.
I've been given the task of signing the assemblies for these projects.
My understanding is that the purpose of signing is that not everyone being able to use our assembly without providing its public key and version details, right?
Should I use one single Strong Name Key (.snk) to sign all the assemblies of these projects or each assembly should be signed with a separate strong name key?
What's the purpose of password protection for strong name keys?
How would you do that?
Many thanks,
that the purpose of signing is that not everyone being able to use our assembly without providing its public key and version details, right?
No. Signing verifies you, the publisher. It prevents others from making 'fake' versions of your assemblies.
Should I use one single Strong Name Key (.snk) to sign all the assemblies of these projects or each assembly should be signed with a separate strong name key?
The key is your signature so use 1 for all your projects.
What's the purpose of password protection for strong name keys?
The whole signing process hinges on you being the only one who possesses the key. There is no certificate involved. Partial signing and protected keys can help you limit the number of people who have access to the key.