Baran Topal

Baran Topal

July 2024
« Feb    


C# and SNK (Capcom vs. SNK)


Long ago, I had a C# solution with some projects in it and every project had its own snk file. I was curious:

1) What is the use of snk files?
2) How to create a snk file for my project newly added to my solution?

Assemblies can be assigned a cryptographic signature, called a strong name, which provides name uniqueness for the assembly and prevents someone from taking over the name of your assembly (name spoofing). If you are deploying an assembly that will be shared among many applications on the same machine, it must have a strong name. Even if you only use the assembly within your application, using a strong name ensures that the correct version of the assembly gets loaded
The first step in building an assembly with a strong name is to obtain a cryptographic key pair. The .NET Framework SDK includes a Strong Name tool (Sn.exe) that can be used to generate a key pair. The key pair that is generated by the Strong Name tool can be kept in a file or you can store it in your local machine’s Cryptographic Service Provider (CSP). The following command uses the Strong Name tool to generate a new key pair and store it in a file called TestKey.snk:

sn -k Testkey.snk

Once you have obtained the key pair, you need to add the proper custom attribute to your source in order for the compiler to emit the assembly with a strong name. Choosing the correct attribute depends on whether the key pair used for the signing is contained in a file or in a key container within the CSP. For keys stored in a file, use System.Reflection.AssemblyKeyFileAttribute. For keys stored in the CSP use System.Reflection.AssemblyKeyNameAttribute.

The following example uses AssemblyKeyFileAttribute to specify the name of the file containing the key pair. In Visual Basic, the assembly level attributes must be the first statements in the file.

using System; 
using System.Reflection; 


You can also choose to delay sign your assembly. This means that the space for the signature is reserved in the PE file, but the signing itself is not done until later. This approach is typically used if you do not have access to the private key you need to generate the strong name.