1Mono(sn) Mono(sn)
2
3
4
6 sn - Digitally sign/verify/compare strongnames on CLR assemblies.
7
9 sn [-q | -quiet] [options] [parameters]
10
12 Digitally sign, verify or compare CLR assemblies using strongnames.
13
14 You can use the sn command to create "snk files" using the -k option
15 described below.
16
18 Configuration options are stored in the machine.config configuration
19 file under /configuration/strongNames.
20
21 -c provider
22 Change the default CSP (Crypto Service Provider). Currently not
23 supported in Mono.
24
25 -m [y|n]
26 Use a machine [y] key container or a user [n] key container.
27 Currently not supported in Mono.
28
29 -Vl List the verification options. The list is kept under /configu‐
30 ration/ strongNames/verificationSettings in machine.config.
31
32 -Vr assembly [userlist]
33 Exempt the specified assembly from verification for the speci‐
34 fied user list. Currently not supported by sn. You must edit
35 machine.config manually if you require this.
36
37 -Vu assembly
38 Remove the exemption entry for the specified assembly. Currently
39 not supported by sn, you must edit machine.config manually if
40 you require this.
41
42 -Vx Remove all exemptions entries. Currently not supported by sn,
43 you must edit machine.config manually if you require this.
44
46 -d container
47 Delete the keypair present in the specified key container.
48
49 -i keypair.snk container
50 Import the specified strongname file into the specified con‐
51 tainer.
52
53 -pc container publickey
54 Export the public key from the specified CSP container to the
55 specified file.
56
58 -e assembly output.pub
59 Export the assembly public key to the specified output file.
60
61 -p keypair.snk output.pub
62 Export the public key from the specified strongname key file
63 (SNK) or from a PKCS#12/PFX password protected file to the spec‐
64 ified output file.
65
66 -o input output.txt
67 Convert the input file to a CSV file (using decimal).
68
69 -oh input output.txt
70 Convert the input file to a CSV file (using hexadecimal).
71
73 -D assembly1 assembly2
74 Compare if assembly1 and assembly are the same exception for
75 their signature. This is done by comparing the hash of the
76 metadata of both assembly.
77
78 -k [size] keypair.snk
79 Create a new strongname keypair in the specified file. The
80 default key length is 1024 bits and MUST ALWAYS be used when
81 signing 1.x assemblies. Any value from 384 to 16384 bits (in
82 increments of 8 bits) is a valid key length to sign 2.x assem‐
83 blies. To ensure maximum compatibility you may want to continue
84 using 1024 bits keys. Note that there's no good reason, even if
85 it's possible, to use length lesser than 1024 bits.
86
87 -R assembly keypair.snk
88 Re-sign the specified assembly using the specified strongname
89 keypair file (SNK) or a PKCS#12/PFX password protected file. You
90 can only sign an assembly with the private key that match the
91 public key inside the assembly (unless it's public key token has
92 been remapped in machine.config).
93
94 -Rc assembly container
95 Re-sign the specified assembly using the specified strongname
96 container.
97
98 -t file
99 Show the public key token from the specified file.
100
101 -tp file
102 Show the public key and the public key token from the specified
103 file.
104
105 -T assembly
106 Show the public key token from the specified assembly.
107
108 -Tp assembly
109 Show the public key and the public key token from the specified
110 assembly.
111
112 -v assembly
113 Verify the specified assembly signature.
114
115 -vf assembly
116 Verify the specified assembly signature (even if disabled).
117
119 -h , -?
120 Display basic help about this tool.
121
122 -h config , -? config
123 Display configuration related help about this tool.
124
125 -h csp , -? csp
126 Display Cryptographic Service Provider related help about this
127 tool.
128
129 -h convert , -? convert
130 Display conversion related help about this tool.
131
132 -h sn , -? sn
133 Display strongname related help about this tool.
134
136 Strongnames configuration is kept in "machine.config" file. Currently
137 two
138 features can be configured.
139
140 /configuration/strongNames/pubTokenMapping
141 This mechanism lets Mono remap a public key token, like the ECMA
142 token, to another public key for verification. This is useful in
143 two scenarios. First, assemblies signed with the "ECMA key" need
144 to be verified by the "runtime" key (as the ECMA key isn't a
145 public key). Second, many assemblies are signed with private
146 keys that Mono can't use (e.g. System.Security.dll assembly). A
147 new key cannot be used because it should change thr strongname
148 (a new key pair would have a new public key which would produce
149 a new token). Public key token remapping is the solution for
150 both problems. Each token must be configured in a "map" entry
151 similar to this one: <map Token="b77a5c561934e089" Pub‐
152 licKey="00..." />
153
154 /configuration/strongNames/verificationSettings
155 It is often useful during development to use delay signed assem‐
156 blies. Normally* the runtime wouldn't allow delay-signed assem‐
157 blies to be loaded. This feature allows some delay-signed
158 assemblies (based on their public key token, optionally assembly
159 name and user name) to be used like they were fully signed
160 assemblies. [*] Note that Mono 1.0 "runtime" doesn't validate
161 strongname signatures so this option shouldn't be required in
162 most scenarios.
163
165 Written by Sebastien Pouliot
166
168 Copyright (C) 2003 Motus Technologies. Copyright (C) 2004 Novell.
169 Released under BSD license.
170
172 Visit http://lists.ximian.com/mailman/listinfo/mono-list for details.
173
175 Visit http://www.mono-project.com for details
176
178 secutil(1)
179
180
181
182 Mono(sn)