You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For security reasons as well as Microsoft requirements, we sign all assemblies. For .net 6 we use Obfuscar. On .net 6 however signing does not seem to work or I just don't understand the process documented in .
We use currently a certificate in a password-protected pfx. As documented in #153 , there is yet no support to sign the assemblies using a pfx file when protected by a password.
All three issues, #146, #153 and this one (#439) are still very much needed. Using the code proposed in #153 I have made signing working. Do you see these changes come into the actual release? It are just a few lines of code with a high impact. If you want to I can share the code through a pull request.
For security reasons as well as Microsoft requirements, we sign all assemblies. For .net 6 we use Obfuscar. On .net 6 however signing does not seem to work or I just don't understand the process documented in .
We use currently a certificate in a password-protected pfx. As documented in #153 , there is yet no support to sign the assemblies using a pfx file when protected by a password.
It was tried to use the key container VS_KEY_xxx, which was created by installing the pfx using the password (see #146 and https://github.com/obfuscar/obfuscar/blob/master/Obfuscar/Project.cs#L126). However, the output assemblies are not digitally signed.
Sample properties assembly when obfuscated using obfuscar:
Sample same assembly signed from another .net framework obfuscator:
The project file specifies the key container:
The indicated key container is used by the build as signaled by:
but that might not be a good signal, since the original assembly is neither signed.
I have also tested to rewrite our signing following the instructions on https://medium.com/@szplaypiano/sign-the-assembly-with-visual-studio-without-going-crazy-36c6271af6bb to create a derivative pfx, creating the key container using SnInstallPfx, but to no result.
I seem unable to get signed assemblies as output of Obfuscar with a reasonable effort.
Question:
Are you open for a patch based upon #146 to include Obfuscar, which takes the PFX password from the XML and yields signed output?
The text was updated successfully, but these errors were encountered: