2

Is it possible to sign a class library netcore dll?

I created a simple net core class library project with the following code:

public class Test
{

    public static string TestMethod(string test)
    {
        return "Hello " + test+ "!";
    }
}

I went to project properties, tab signing, checked the "Sign the assembly" option and selected a pfx file.

Built the project and everything was ok.

I then created a net core console application project with the following code:

    static void Main(string[] args)
    {
        Console.WriteLine("Start...");

        try
        {
            string s = Test.TestMethod("123");

            Console.WriteLine("Retrieved: " + s);
        }
        catch (Exception ex)
        {
            Console.WriteLine("Error: " + ex.Message);
        }

        Console.WriteLine("Press any key to exit...");
        Console.ReadKey();
    }

To reference the project I added the project as a reference. Left click, add reference, projects and selected the project. When executing in the IDE everything works fine.

I then want to build my exe, so I go to the csproj and add the following line:

<RuntimeIdentifiers>win10-x64</RuntimeIdentifiers>

Then I do

dotnet restore

Everything is Ok, and then:

dotnet build

But it fails here with the error:

error : PFX signing not supported on .NET Core

Is it possible to sign a net core dll? If so what am I doing wrong?

ekad
  • 13,718
  • 26
  • 42
  • 44
lulas
  • 765
  • 5
  • 25
  • 2
    The .NET Core build chain [lacks the infrastructure to deal with PFX signing](https://github.com/Microsoft/msbuild/blob/master/src/Tasks/ResolveKeySource.cs). The current implementation is hard to make available in a platform-independent way. You can still give assemblies strong names with keys, but you can't sign them with certificates. At least not using the .NET Core build tools. – Jeroen Mostert Jul 06 '17 at 12:34

1 Answers1

1

Use SNK file instead of PFX file to sign assembly.

Create SNK by opening a developer command tool.

$ sn -k asdf.snk

This will create the asdf.snk file which you can use to sign assembly. dotnet build will now work.

What is difference between SNK and PFX? See this answer: snk vs. code signing certificate

The short answer is that PFX is a lot more secure. The good news is that you can sign your assemblies with PFX at some later point. Meanwhile the SNK signature will get you past a number of hurdles including dotnet build and allowing the assembly to be loaded by other strong names assemblies.

AQuirky
  • 3,448
  • 1
  • 19
  • 41