Configure strong-named assemblies for .NET

Strong-named assemblies are a .NET mechanism to give assemblies a unique ID. This provides several benefits, including the ability to have your assembly installed in the global assembly cache.

Although strong-naming uses cryptographic signatures, it is not intended to be used as a security mechanism. Microsoft recommends adding your public and private keys to your repository which Stainless will automatically do for you.

To enable strong-named assemblies, you will need a base64-encoded assembly originator key and corresponding public key. You can generate these keys on a Linux or Mac system (or on WSL) using the following commands:

export TEMP_SNK=mktemp
sn -k $TEMP_SNK
cat $TEMP_SNK | base64 -w 1000 # this is your base64-encoded assembly originator key
sn -tp $TEMP_SNK | grep -oE '^[0-9a-f]+$' | tr -d '\n'; echo # this is your public key
rm $TEMP_SNK # cleanup

Once you have your keys, add them to your Stainless config like so:

targets:
  csharp:
    ...
    strong_name:
      originator_key: foo # your base64-encoded assembly originator key
      public_key: bar # your public key

When you add those keys to your Stainless config, an Open.snk file will be added to your C# repository automatically, and strong-name signing will be enabled at build and publish time.