Home - Forums-.NET - Spices.Net - Unable to codesign, obfuscate and strong name assemblies.


NET code security, tools to protect, obfuscate, tamper defense, code and data safety, recover, convert, optimize, explore, browse and analyze .Net software.

This forum related to following products: Spices.Net Suite, Spices.Net Obfuscator, Spices.Net Decompiler

Unable to codesign, obfuscate and strong name assemblies.
Link Posted: 08-Sep-2010 11:43
If I Obfuscate outside of VS2010, I am able to build in VS2010, codesign from SDK Console, Obfuscate and strong name from Spices.net and back to VS2010 to build the setup.

When using the integrated version... achieving codesigning, obfuscation and strong name all in one step via setup project is not working. Assemblies are not code signed (which is a post build action of the main exe).

What am I missing? Please help.
Link Posted: 08-Sep-2010 14:06
But why you don't specify StrongNameKeyFile (and StrongNameKeyPassword if needed) properties in the VSIP version to sign your assembly after obfuscation?
How to specify these properties, you can see in the Spices.VSIP: Manage obfuscation settings in MS Visual Studio video tutorial:
Link Posted: 08-Sep-2010 14:13
I need the resulting assemblies to be 1) Code signed (Authenticode) 2) Obfuscated and 3) Strong name signed.
After obfuscation, what I get is obfuscated and strong name signed, but the Authenticode sign is lost (the assemblies are no longer code signed).
Link Posted: 08-Sep-2010 14:24
Thanks for the explanation.
In this case you can use MSBuild tasks to embed the MSBuild code sign task into your Visual Studio project to code sign your assembly before obfuscation (and after compilation).
Link Posted: 08-Sep-2010 14:32
My code signing command is a post build task of the main exe. It seems to sign and varify fine. Then Obfuscation and strong name sign happens. After this when I check the exe, the code sign verify fails... "No signature found".

Per msdn: http://blogs.msdn.com/b/shawnfa/archive/2007/01/10/combining-strong-names-with-authenticode.aspx

The order needs to be strong name sign then code sign. Now I am trying to figure out how to insert code signing after Obfuscation and strong name signing but before setup project packages the files. I would like to be able to do this as part of visual studio setup project build process which is using the integrated Spices.net obfuscator.
Link Posted: 08-Sep-2010 15:20
You can embed your code signing command into your Visual Studio project' build process and combine it with Obfuscator provided by Spices.VSIP.Obfuscator (how to embed MSBuild task into your project you can read in the Spices.Net Manual, Spices.Obfuscator\MSBuild integration chapter). Just use Exec task to run your postbuild command (here you can read explanation how to do it)
Link Posted: 08-Sep-2010 16:10
After obfuscation, the signtool command throws the error shown below, if I don't obfuscate the same command works just fine. So if I can get the command to work, I will find a way to call it before packaging.

So, I am able to code sign the exe if I don't obfuscate using the following command: "signtool sign /a".

The output generated after obfuscation + Strong name signing somehow causes the same signtool command to fail with the following error:

SignTool Error: SignedCode::Sign returned error: 0x80070057
        The parameter is incorrect.
SignTool Error: An error occurred while attempting to sign: D:\...
Link Posted: 08-Sep-2010 17:20
Got it working! Providing a .bat file to AfterProjectObfuscation for code signing seems to do it at just the right time in the setup build process.
Link Posted: 09-Sep-2010 00:18
By the way, you can use macros in the AfterProjectObfuscation.
Descriptions and explanations you can find here or in the Spices.Net manual (FAQ \ Spices.Obfuscator questions \ How can I use Obfuscation events topic)