问题描述

在我的组织中，我们使用具有强名称程序集的snk文件。我们自己生成snk。

In my organization we use snk files with strong names assemblies. We generate the snk ourselves.

此外，我们在二进制文件上使用代码签名签名。

In addition we use a code signing signature on the binaries. We get the pfx from Verisign.

• 这两个进程有什么区别？


• Isn

推荐答案

snk不会收到来自Verisign的snk和pfx用于两个不同的目的。 snk用于强命名，它使用密钥对来唯一标识程序集。 pfx用于代码签名，这是一个类似的过程，但旨在防止恶意篡改公开分发的程序集。在程序集上同时使用强名称和符号。

The snk and pfx are used for two different purposes. The snk is used for strong-naming, which uses a key pair to uniquely identify an assembly. The pfx is for code signing, which is a similar process but one that is intended to prevent malicious tampering with assemblies that are distributed publicly. Using both on an assembly both strong-names AND signs it.

只要保持私钥安全，就可以生成自己的SNK文件。您从Verisign获得的PFX文件允许您使用由第三方保护的密钥签署程序集。这是一个额外的安全层，使您的程序集的用户知道它没有被篡改。

It's OK to generate your own SNK file as long as you keep the private key secure. The PFX file you get from Verisign allows you to sign the assembly using a key secured by a third party. This is an additional layer of security that lets users of your assembly know that it has not been tampered with.

这篇关于snk与代码签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！