1Mono(sn)                                                              Mono(sn)
2
3
4

NAME

6       sn - Digitally sign/verify/compare strongnames on CLR assemblies.
7

SYNOPSIS

9       sn [-q | -quiet] [options] [parameters]
10

DESCRIPTION

12       Digitally sign, verify or compare CLR assemblies using strongnames.
13
14       You  can  use  the sn command to create "snk files" using the -k option
15       described below.
16

CONFIGURATION OPTIONS

18       Configuration options are stored in  the  machine.config  configuration
19       file under /configuration/strongNames.
20
21       -c provider
22              Change  the default CSP (Crypto Service Provider). Currently not
23              supported in Mono.
24
25       -m [y|n]
26              Use a machine [y] key container or a  user  [n]  key  container.
27              Currently not supported in Mono.
28
29       -Vl    List  the verification options. The list is kept under /configu‐
30              ration/ strongNames/verificationSettings in machine.config.
31
32       -Vr assembly [userlist]
33              Exempt the specified assembly from verification for  the  speci‐
34              fied  user  list.   Currently not supported by sn. You must edit
35              machine.config manually if you require this.
36
37       -Vu assembly
38              Remove the exemption entry for the specified assembly. Currently
39              not  supported  by  sn, you must edit machine.config manually if
40              you require this.
41
42       -Vx    Remove all exemptions entries. Currently not  supported  by  sn,
43              you must edit machine.config manually if you require this.
44
46       -d container
47              Delete the keypair present in the specified key container.
48
49       -i keypair.snk container
50              Import  the  specified  strongname  file into the specified con‐
51              tainer.
52
53       -pc container publickey
54              Export the public key from the specified CSP  container  to  the
55              specified file.
56

CONVERSION OPTIONS

58       -e assembly output.pub
59              Export the assembly public key to the specified output file.
60
61       -p keypair.snk output.pub
62              Export  the  public  key  from the specified strongname key file
63              (SNK) or from a PKCS#12/PFX password protected file to the spec‐
64              ified output file.
65
66       -o input output.txt
67              Convert the input file to a CSV file (using decimal).
68
69       -oh input output.txt
70              Convert the input file to a CSV file (using hexadecimal).
71

STRONGNAME SIGNING OPTIONS

73       -D assembly1 assembly2
74              Compare if assembly1 and assembly2 are the same except for their
75              signature.  This is done by comparing the hash of  the  metadata
76              of both assemblies.
77
78       -k [size] keypair.snk
79              Create  a  new  strongname  keypair  in  the specified file. The
80              default key length is 1024 bits and MUST  ALWAYS  be  used  when
81              signing  1.x  assemblies.   Any value from 384 to 16384 bits (in
82              increments of 8 bits) is a valid key length to sign  2.x  assem‐
83              blies.  To ensure maximum compatibility you may want to continue
84              using 1024 bits keys. Note that there's no good reason, even  if
85              it's possible, to use length lesser than 1024 bits.
86
87       -R assembly keypair.snk
88              Re-sign  the  specified  assembly using the specified strongname
89              keypair file (SNK) or a PKCS#12/PFX password protected file. You
90              can  only sign an assembly with the private key that matches the
91              public key inside the assembly (unless it's public key token has
92              been remapped in machine.config).
93
94       -Rc assembly container
95              Re-sign  the  specified  assembly using the specified strongname
96              container.
97
98       -t file
99              Show the public key token from the specified file.
100
101       -tp file
102              Show the public key and the public key token from the  specified
103              file.
104
105       -T assembly
106              Show the public key token from the specified assembly.
107
108       -Tp assembly
109              Show  the public key and the public key token from the specified
110              assembly.
111
112       -v assembly
113              Verify the specified assembly signature.
114
115       -vf assembly
116              Verify the specified assembly signature (even if disabled).
117

HELP OPTIONS

119       -h , -?
120              Display basic help about this tool.
121
122       -h config , -? config
123              Display configuration related help about this tool.
124
125       -h csp , -? csp
126              Display Cryptographic Service Provider related help  about  this
127              tool.
128
129       -h convert , -? convert
130              Display conversion related help about this tool.
131
132       -h sn , -? sn
133              Display strongname related help about this tool.
134

CONFIGURATION FILE

136       Strongnames  configuration  is kept in "machine.config" file. Currently
137       two
138              features can be configured.
139
140       /configuration/strongNames/pubTokenMapping
141              This mechanism lets Mono remap a public key token, like the ECMA
142              token, to another public key for verification. This is useful in
143              two scenarios. First, assemblies signed with the "ECMA key" need
144              to  be  verified  by  the "runtime" key (as the ECMA key isn't a
145              public key). Second, many assemblies  are  signed  with  private
146              keys that Mono can't use (e.g. System.Security.dll assembly).  A
147              new key cannot be used because it should change  the  strongname
148              (a  new key pair would have a new public key which would produce
149              a new token). Public key token remapping  is  the  solution  for
150              both  problems.  Each  token must be configured in a "map" entry
151              similar  to  this  one:   <map   Token="b77a5c561934e089"   Pub‐
152              licKey="00..." />
153
154       /configuration/strongNames/verificationSettings
155              It is often useful during development to use delay signed assem‐
156              blies.  Normally* the runtime wouldn't allow delay-signed assem‐
157              blies  to  be  loaded.   This  feature  allows some delay-signed
158              assemblies (based on their public key token, optionally assembly
159              name  and  user  name)  to  be  used like they were fully signed
160              assemblies. [*] Note that Mono 1.0  "runtime"  doesn't  validate
161              strongname  signatures  so  this option shouldn't be required in
162              most scenarios.
163

AUTHOR

165       Written by Sebastien Pouliot
166
168       Copyright (C) 2003 Motus  Technologies.   Copyright  (C)  2004  Novell.
169       Released under BSD license.
170

MAILING LISTS

172       Visit http://lists.ximian.com/mailman/listinfo/mono-list for details.
173

WEB SITE

175       Visit http://www.mono-project.com for details
176

SEE ALSO

178       secutil(1)
179
180
181
182                                                                      Mono(sn)
Impressum