The Strong Name tool helps sign assemblies with strong names. The Strong Name tool provides options for key management, signature generation, and signature verification.
The application file for the strong name tool is named sn.exe in the Shared Source CLI (SSCLI) on Microsoft® Windows®.
sn [-quiet][option [parameter(s)]]
The SSCLI implementation of the Strong Name tool does not not support key container functionality. Only reading and writing keys to files is supported. Consequently, the following options in the .NET Framework implementation of the tool are not supported on the SSCLI:
Options can be specified using either a dash (-) or a slash (/).
Note: All Strong Name tool options are case-sensitive and must be typed exactly as shown to be recognized by the tool.
| Option | Description |
|---|---|
| -D assembly1 assembly2 | Verifies that two assemblies differ only by signature. This is often used as a check after an assembly has been re-signed with a different key pair. |
| -e assembly outfile | Extracts the public key from assembly and stores it in outfile. |
| -h | Displays command syntax and options for the tool. |
| -k outfile | Generates a new key pair and writes it to the specified file. |
| -o infile [outfile] | Extracts the public key from the infile and stores it in a .csv file. A comma separates each byte of the public key. This format is useful for hard-coding references to keys as initialized arrays in source code. If you do not specify an outfile, this option places the output on the Clipboard. |
| -p infile outfile | Extracts the public key from the key pair in infile and stores it in outfile. This public key can be used to delay sign an assembly using the /delaysign+ and /keyfile options of the Assembly Linker (Al.exe). When an assembly is delay-signed, only the public key is set at compile time and space is reserved in the file for the signature to be added later when the private key is known. |
| -q[uiet] | Specifies quiet mode; suppresses the display of success messages. |
| -R assembly infile | Re-signs a previously signed or delay signed assembly with the key pair in infile. |
| -t[p] infile | Displays the token for the public key stored in infile. The contents of infile must be previously generated using -p.
The Strong Name Tool computes the token using a hash function from the public key. To save space, the common language runtime stores public key tokens in the manifest as part of a reference to another assembly when it records a dependency to an assembly that has a strong name. The -tp option displays the public key in addition to the token. |
| -T[p] assembly | Displays the public key token for assembly. The assembly must be the name of a file that contains an assembly manifest.
The Strong Name Tool computes the token using a hash function from the public key. To save space, the runtime stores public key tokens in the manifest as part of a reference to another assembly when it records a dependency to an assembly that has a strong name. The -Tp option displays the public key in addition to the token. |
| -v assembly | Verifies the strong name in assembly, where assembly is the name of a file that contains an assembly manifest. |
| -vf assembly | Verifies the strong name in assembly. Unlike the -v option, -vf forces verification even if it is disabled using the -Vr option. |
| -Vl | Lists current settings for strong name verification on this computer. |
| -Vr assembly [userlist] | Registers assembly for skipping verification. Optionally, you can specify a comma-separated list of user names. Assembly can be specified in the form *, strongname to register all assemblies with the specified strong name. Strongname should be specified as the string of hexadecimal digits representing the tokenized form of the public key. See the -t and -T options to display the public key token. |
| -Vu assembly | Unregisters assembly for verification skipping. The same rules for assembly naming that apply to -Vr apply to -Vu. |
| -Vx | Removes all verification-skipping entries. |
| -? | Displays command syntax and options for the tool. |
The -R option is useful with assemblies that have been delay-signed. In this scenario, only the public key has been set at compile time and signing is performed later when the private key is known.
The following command creates a new, random key pair and stores it in keyPair.snk.
sn -k keyPair.snk
The following command extracts the public key from keyPair.snk and stores it in publicKey.snk.
sn -p keyPair.snk publicKey.snk
The following command verifies the assembly MyAsm.dll.
sn -v MyAsm.dll
Copyright (c) 2006 Microsoft Corporation. All rights reserved.