Home‎ > ‎

Adding strong-name key to unsigned 3rd party DLLs

posted Jul 28, 2011, 12:21 AM by Pieter-Bas IJdens
Recently I gave myself the task to make sure that all software we release at Sevensteps is propertly strong-name signed, and properly code-signed with our own signing certificates. Obviously, when doing this I encountered some issues where it would be impossible for me to strong-name sign an assembly because one of assemblies it depended on did not have any strong-name information.

The only correct way around this is obviously to acquire a version of the DLL that's properly signed. Alternatively once could acquire the sources to such DLL, review them and create a signed build.

Taking above steps solved 99% of the issues that I was having. However, I still was stuck with a few DLLs for which neither solution was an option.

In order to be able to continue building, I decided to strong-name sign these assemblies myself with a 'special' key that we use for this purpose. By far the easiest way I found of doing this is to disassemble the DLL (provided the license allows this), and re-assemble it, using ildasm and ilasm.

I created the following little batch file to help me with this:

@echo off

set SIGNTEMP=%TEMP%\SigningTempDir
set WORKING_FOLDER=%~dp1
set BASENAMEANDPATH=%~dpn1
set FILENAME=%~n1
set LOGFILE=%BASENAMEANDPATH%-Convert.log
set ERRFILE=%BASENAMEANDPATH%-Convert.err

del %LOGFILE%
del %ERRFILE%

rmdir /q/s %SIGNTEMP% >> "%LOGFILE%" 2>> "%ERRFILE%"
mkdir %SIGNTEMP% >> "%LOGFILE%" 2>> "%ERRFILE%"

"%ProgramFiles(x86)%\Microsoft SDKs\Windows\v7.0A\bin\NETFX 4.0 Tools\ildasm.exe" %BASENAMEANDPATH%.dll /OUT:%SIGNTEMP%\%FILENAME%.il >> "%LOGFILE%" 2>> "%ERRFILE%"

pushd %SIGNTEMP% >> "%LOGFILE%" 2>> "%ERRFILE%"
copy \\ourfileserver.example.com\SharedBuildTasks\OurSpecialKey.snk . >> "%LOGFILE%" 2>> "%ERRFILE%"
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe" %FILENAME%.il /DLL /RESOURCE=%FILENAME%.res /KEY=OurSpecialKey.snk >> "%LOGFILE%" 2>> "%ERRFILE%"
copy %FILENAME%.dll "%WORKING_FOLDER%\SIGNED-%FILENAME%.dll" >> "%LOGFILE%" 2>> "%ERRFILE%"
popd >> "%LOGFILE%" 2>> "%ERRFILE%"

echo Created signed copy of the DLL in %WORKING_FOLDER%\SIGNED-%FILENAME%.dll

p.s. The %~... parameters are explained at http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/percent.mspx?mfr=true. Very useful when writing batch files.
Comments