How do I sign my assembly

I have a Windows Forms Application written in VB using Visual Studio 2010 that is signed but the code signing certificate has expired so I'm trying to figure out how to rebuild the assembly using a new certificate.

I used Internet Explorer -> Tools -> Internet Options -> Content -> Certificates -> Export

I asked it to export a Private key, use .PFX format, include all certificates, and to export all extended properties

This produced a .PFX file called MyApp.pfx

When I try to specify this file on the Signing tab of the My Project section (Choose a strong name key file) of my VS 2010 project, after entering the password, I get the following error message:

"Cannot find the certificate and private key for decryption"

What am I doing wrong?

Also, I have the following post-build command:

"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\signtool" sign /f C:\Path\MyCodeSigningCertificatePrivateKey.pfx /p xxxx $(TargetFileName)

This command executes without error.

It appears to me that this is re-signing the assembly after every build making the checked "Sign The Assembly" option on the Signing tab of my VS 2010 project redundant. Am I correct?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jacques Bourgeois (James Burger)PresidentCommented:
You cannot use that key directly after you have moved it to another computer. You need to Import it on the new computer, once again using Internet Explorer.

I could not say about signtool, because .NET assemblies are usually signed with snk. This is what what is used in the background when you sign through the Visual Studio interface.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ou81aswellAuthor Commented:
Thanks. The new key was imported onto the computer (it's the same development computer... the old code signing key simply expired so we got an updated one).
Jacques Bourgeois (James Burger)PresidentCommented:
Expired keys do not really expire. At least, not those generated by snk. If you use them only in-house, you can usually continue to use them after the expiration. It looks as if that date is only an indicator, nothing else.

The one I currently use expired in 2010 and still does its job, at least in standard versions of Windows. I have never developed something designed to be run on a server, so things might be different there.

But you can have problems signing old projects with new keys. If these projects are referenced by other projects, they are considered to be something else and are rejected. Once a project is signed, the signature becomes part of its identification for a lot of validations in the framework. This is done so that nobody can spoof your assembly, by creating another one with the same name and object model as yours, that could replace yours and create a security risk.
ou81aswellAuthor Commented:
Signing the tool in the post-build seems to work.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.