The default key container that is used by sn.exe is also in that location. In case you reset your key container to a new one, and forget where it is. You can reset the key container for the strong name utility using sn.exe -c. So, if the account access fix doesn't work, you may be using an alternate key store so a reset may be in order. Dec 12, 2013 At the command prompt, navigate to the location where you want to create the key file. For example, type cd C:Sample, and then press ENTER. At the command prompt, type sn -k key file name.snk, and then press ENTER. At the command prompt, type exit, and then press ENTER. More information: Create a Strong-Name Key File.
32 rows The key container resides in the strong name CSP.-k keysize outfile: Generates a new. Creating Strong Name Key - The operation could not be completed. Invalid provider type specified. Cannot create a file when that file already exists' from Microsoft.VisualStudio.ExtensibilityHosting.VsExportProviderFactoryWorker.SerializeExternalAssemblies 0.
The Strong Name tool (Sn.exe) helps sign assemblies with strong names. Sn.exe provides options for key management, signature generation, and signature verification.
Warning
Do not rely on strong names for security. They provide a unique identity only.
For more information on strong naming and strong-named assemblies, see Strong-Named Assemblies and How to: Sign an Assembly with a Strong Name.
The Strong Name tool is automatically installed with Visual Studio. To start the tool, use the Developer Command Prompt (or the Visual Studio Command Prompt in Windows 7). Generate ssh keys with git bash. For more information, see Command Prompts.
Note
On 64-bit computers, run the 32-bit version of Sn.exe by using the Developer Command Prompt for Visual Studio and the 64-bit version by using the Visual Studio x64 Win64 Command Prompt.
At the command prompt, type the following:
| Option | Description |
|---|---|
-a identityKeyPairFile signaturePublicKeyFile | Generates AssemblySignatureKeyAttribute data to migrate the identity key to the signature key from a file. |
-ac identityPublicKeyFile identityKeyPairContainer signaturePublicKeyFile | Generates AssemblySignatureKeyAttribute data to migrate the identity key to the signature key from a key container. |
-c [csp] | Sets the default cryptographic service provider (CSP) to use for strong name signing. This setting applies to the entire computer. If you do not specify a CSP name, Sn.exe clears the current setting. |
-d container | Deletes the specified key container from the strong name CSP. |
-D assembly1 assembly2 | Verifies that two assemblies differ only by signature. This is often used as a check after an assembly has been re-signed with a different key pair. |
-e assembly outfile | Extracts the public key from assembly and stores it in outfile. |
-h | Displays command syntax and options for the tool. |
-i infile container | Installs the key pair from infile in the specified key container. The key container resides in the strong name CSP. |
-k [keysize] outfile | Generates a new RSACryptoServiceProvider key of the specified size and writes it to the specified file. Both a public and private key are written to the file. If you do not specify a key size, a 1,024-bit key is generated by default if you have the Microsoft enhanced cryptographic provider installed; otherwise, a 512-bit key is generated. The keysize parameter supports key lengths from 384 bits to 16,384 bits in increments of 8 bits if you have the Microsoft enhanced cryptographic provider installed. It supports key lengths from 384 bits to 512 bits in increments of 8 bits if you have the Microsoft base cryptographic provider installed. |
-m [y n] | Specifies whether key containers are computer-specific, or user-specific. If you specify y, key containers are computer-specific. If you specify n, key containers are user-specific. If neither y nor n is specified, this option displays the current setting. |
-o infile [outfile] | Extracts the public key from the infile and stores it in a .csv file. A comma separates each byte of the public key. This format is useful for hard-coding references to keys as initialized arrays in source code. If you do not specify an outfile, this option places the output on the Clipboard. Note: This option does not verify that the input is only a public key. If the infile contains a key pair with a private key, the private key is also extracted. |
-p infile outfile [hashalg] | Extracts the public key from the key pair in infile and stores it in outfile, optionally using the RSA algorithm specified by hashalg. This public key can be used to delay-sign an assembly using the /delaysign+ and /keyfile options of the Assembly Linker (Al.exe). When an assembly is delay-signed, only the public key is set at compile time and space is reserved in the file for the signature to be added later, when the private key is known. |
-pc container outfile [hashalg] | Extracts the public key from the key pair in container and stores it in outfile. If you use the hashalg option, the RSA algorithm is used to extract the public key. |
-Pb [y n] | Specifies whether the strong-name bypass policy is enforced. If you specify y, strong names for full-trust assemblies are not validated when loaded into a full-trust AppDomain. If you specify n, strong names are validated for correctness, but not for a specific strong name. The StrongNameIdentityPermission has no effect on full-trust assemblies. You must perform your own check for a strong name match. If neither y nor n is specified, this option displays the current setting. The default is y. Note: On 64-bit computers, you must set this parameter in both the 32-bit and the 64-bit instances of Sn.exe. |
-q[uiet] | Specifies quiet mode; suppresses the display of success messages. |
-R[a] assembly infile | Re-signs a previously signed or delay-signed assembly with the key pair in infile. If -Ra is used, hashes are recomputed for all files in the assembly. |
-Rc[a] assembly container | Re-signs a previously signed or delay-signed assembly with the key pair in container. If -Rca is used, hashes are recomputed for all files in the assembly. |
-Rh assembly | Recomputes hashes for all files in the assembly. |
-t[p] infile | Displays the token for the public key stored in infile. The contents of infile must be a public key previously generated from a key pair file using -p. Do not use the -t[p] option to extract the token directly from a key pair file. Sn.exe computes the token by using a hash function from the public key. To save space, the common language runtime stores public key tokens in the manifest as part of a reference to another assembly when it records a dependency to an assembly that has a strong name. The -tp option displays the public key in addition to the token. If the AssemblySignatureKeyAttribute attribute has been applied to the assembly, the token is for the identity key, and the name of the hash algorithm and the identity key is displayed. Note that this option does not verify the assembly signature and should not be used to make trust decisions. This option only displays the raw public key token data. |
-T[p] assembly | Displays the public key token for assembly. The assembly must be the name of a file that contains an assembly manifest. Sn.exe computes the token by using a hash function from the public key. To save space, the runtime stores public key tokens in the manifest as part of a reference to another assembly when it records a dependency to an assembly that has a strong name. The -Tp option displays the public key in addition to the token. If the AssemblySignatureKeyAttribute attribute has been applied to the assembly, the token is for the identity key, and the name of the hash algorithm and the identity key is displayed. Note that this option does not verify the assembly signature and should not be used to make trust decisions. This option only displays the raw public key token data. |
-TS assembly infile | Test-signs the signed or partially signed assembly with the key pair in infile. |
-TSc assembly container | Test-signs the signed or partially signed assembly with the key pair in the key container container. |
-v assembly | Verifies the strong name in assembly, where assembly is the name of a file that contains an assembly manifest. |
-vf assembly | Verifies the strong name in assembly. Unlike the -v option, -vf forces verification even if it is disabled using the -Vr option. |
-Vk regfile.reg assembly [userlist] [infile] | Creates a registration entries (.reg) file you can use to register the specified assembly for verification skipping. The rules for assembly naming that apply to the -Vr option apply to –Vk as well. For information about the userlist and infile options, see the –Vr option. |
-Vl | Lists current settings for strong-name verification on this computer. |
-Vr assembly [userlist] [infile] | Registers assembly for verification skipping. Optionally, you can specify a comma-separated list of user names the skip verification should apply to. If you specify infile, verification remains enabled, but the public key in infile is used in verification operations. You can specify assembly in the form *, strongname to register all assemblies with the specified strong name. For strongname, specify the string of hexadecimal digits representing the tokenized form of the public key. See the -t and -T options to display the public key token. Caution: Use this option only during development. Adding an assembly to the skip verification list creates a security vulnerability. A malicious assembly could use the fully specified assembly name (assembly name, version, culture, and public key token) of the assembly added to the skip verification list to fake its identity. This would allow the malicious assembly to also skip verification. |
-Vu assembly | Unregisters assembly for verification skipping. The same rules for assembly naming that apply to -Vr apply to -Vu. |
-Vx | Removes all verification-skipping entries. |
-? | Displays command syntax and options for the tool. |
Note
All Sn.exe options are case-sensitive and must be typed exactly as shown to be recognized by the tool.
The -R and –Rc options are useful with assemblies that have been delay-signed. In this scenario, only the public key has been set at compile time and signing is performed later, when the private key is known.
Note
For parameters (for example, –Vr) that write to protected resources such as the registry, run SN.exe as an administrator.
The Strong Name tool assumes that public/private key pairs are generated with the AT_SIGNATURE algorithm identifier. Public/private key pairs generated with the AT_KEYEXCHANGE algorithm generate an error.
The following command creates a new, random key pair and stores it in keyPair.snk.
The following command stores the key in keyPair.snk in the container MyContainer in the strong name CSP.
The following command extracts the public key from keyPair.snk and stores it in publicKey.snk.
The following command displays the public key and the token for the public key contained in publicKey.snk.
The following command verifies the assembly MyAsm.dll.
The following command deletes MyContainer from the default CSP.
A strong name consists of the assembly's identity—its simple text name, version number, and culture information (if provided)—plus a public key and a digital signature. It is generated from an assembly file using the corresponding private key. (The assembly file contains the assembly manifest, which contains the names and hashes of all the files that make up the assembly.)
Warning
Do not rely on strong names for security. They provide a unique identity only.
A strong-named assembly can only use types from other strong-named assemblies. Otherwise, the integrity of the strong-named assembly would be compromised.
Note
Although .NET Core supports strong-named assemblies, and all assemblies in the .NET Core library are signed, the majority of third-party assemblies do not need strong names. For more information, see Strong Name Signing on GitHub.
The following scenario outlines the process of signing an assembly with a strong name and later referencing it by that name.
Assembly A is created with a strong name using one of the following methods:
Using a development environment that supports creating strong names, such as Visual Studio.
Creating a cryptographic key pair using the Strong Name tool (Sn.exe) and assigning that key pair to the assembly using either a command-line compiler or the Assembly Linker (Al.exe). The Windows SDK provides both Sn.exe and Al.exe.
The development environment or tool signs the hash of the file containing the assembly's manifest with the developer's private key. This digital signature is stored in the portable executable (PE) file that contains Assembly A's manifest.
Assembly B is a consumer of Assembly A. The reference section of Assembly B's manifest includes a token that represents Assembly A's public key. A token is a portion of the full public key and is used rather than the key itself to save space.
The common language runtime verifies the strong name signature when the assembly is placed in the global assembly cache. When binding by strong name at run time, the common language runtime compares the key stored in Assembly B's manifest with the key used to generate the strong name for Assembly A. If the .NET Framework security checks pass and the bind succeeds, Assembly B has a guarantee that Assembly A's bits have not been tampered with and that these bits actually come from the developers of Assembly A.
Note
This scenario doesn't address trust issues. Assemblies can carry full Microsoft Authenticode signatures in addition to a strong name. Authenticode signatures include a certificate that establishes trust. It's important to note that strong names don't require code to be signed in this way. Strong names only provide a unique identity.
Starting with the .NET Framework 3.5 Service Pack 1, strong-name signatures are not validated when an assembly is loaded into a full-trust application domain, such as the default application domain for the MyComputer zone. This is referred to as the strong-name bypass feature. In a full-trust environment, demands for StrongNameIdentityPermission always succeed for signed, full-trust assemblies, regardless of their signature. The strong-name bypass feature avoids the unnecessary overhead of strong-name signature verification of full-trust assemblies in this situation, allowing the assemblies to load faster.
The bypass feature applies to any assembly that is signed with a strong name and that has the following characteristics:
Fully trusted without StrongName evidence (for example, has MyComputer zone evidence).
Loaded into a fully trusted AppDomain.
Loaded from a location under the ApplicationBase property of that AppDomain.
Not delay-signed.
This feature can be disabled for individual applications or for a computer. See How to: Disable the strong-name bypass feature.
| Title | Description |
|---|---|
| How to: Create a public-private key pair | Describes how to create a cryptographic key pair for signing an assembly. |
| How to: Sign an assembly with a strong name | Describes how to create a strong-named assembly. |
| Enhanced strong naming | Describes enhancements to strong-names in the .NET Framework 4.5. |
| How to: Reference a strong-named assembly | Describes how to reference types or resources in a strong-named assembly at compile time or run time. |
| How to: Disable the strong-name bypass feature | Describes how to disable the feature that bypasses the validation of strong-name signatures. This feature can be disabled for all or for specific applications. |
| Create assemblies | Provides an overview of single-file and multifile assemblies. |
| How to delay sign an assembly in Visual Studio | Explains how to sign an assembly with a strong name after the assembly has been created. |
| Sn.exe (Strong Name tool) | Describes the tool included in the .NET Framework that helps create assemblies with strong names. This tool provides options for key management, signature generation, and signature verification. |
| Al.exe (Assembly linker) | Describes the tool included in the .NET Framework that generates a file that has an assembly manifest from modules or resource files. |