C#: why sign an assembly?

Craig Johnston picture Craig Johnston · Oct 20, 2010 · Viewed 53.9k times · Source

In some C# code I have taken over (in Visual Studio 2005), I have noticed that the assemblies are all signed with the same .snk file.

  • Why would the previous author have signed the assemblies in this way?
  • Is signing assemblies necessary and what would be wrong with not signing?
  • What disadvantages are there in signing assemblies - does it cause delays?

Answer

Darin Dimitrov picture Darin Dimitrov · Oct 20, 2010

Why would the previous author have signed the assemblies in this way?

No idea, maybe he wanted all his assemblies to be signed with the same key.

Is signing assemblies necessary and what would be wrong with not signing it?

No, it is not necessary but it is a mechanism allowing you to ensure the authenticity of an assembly. It allows you to ensure that an assembly hasn't been tampered with and indeed it origins from this author. It is also necessary if you want to put them into the GAC.

What disadvantages are there in signing assemblies - does it cause delays?

Signed assemblies can only load other signed assemblies. Also they are tied to a specific version meaning that you need to use binding redirects or recompile the application if you wanted to use a different version. There's a little performance overhead as well due to the verification of the signature but it is so little that you shouldn't be concerned about.