Strong Name Sign .NET Assemblies via SNK

Strong Name Sign .NET Assemblies via SNK

Strong Name Signing is a mechanism in .NET development that ensures the integrity and authenticity of assemblies. It is based on a public-private key procedure.
Contrary to what many assume, this is not a security mechanism, but a mechanism to ensure the uniqueness of the identity. It is therefore also recommended to store both private and public keys directly in the repository - and not to hide them; especially not in open source projects.

Immo Landwerth (.NET PM Microsoft)

Dear OSS maintainers: unless your keys are in hardware or used for sandboxing, just check in your .snk files. It's much easier.

Also the corresponding note in the official documentation:

Do not rely on strong names for security. They provide a unique identity only. ... If you are an open-source developer and you want the identity benefits of a strong-named assembly for better compatibility with .NET Framework, consider checking in the private key associated with an assembly to your source control system.


In the days of the .NET Framework, there were corresponding runtime benefits, such as identity management in the Global Assembly Cache (GAC), certain behaviors, etc., all of which no longer exist since .NET Core or .NET 5+. Strong naming is no longer validated at runtime. The only benefit today is the proof of identity.

How do you sign?

In principle, Tools are available as a CLI application, and Visual Studio also contains direct functionalities.
However, the better idea is to integrate the signing directly in the CI/CD system so that a stable and validatable automatism is created.

Creating the Key Pair

The CLI tool SN.exe (Strong Name Tool) is required for the initial creation of the SNK file, which is required for signing.

It can either be downloaded and used, or you can simply use the integrated CLI of Visual Studio (Developer Command Prompt) with the solution open in Visual Studio.

The command sn -k MyKeyName.snk is used to create the keypair. The name of the SNK file is usually the name of the solution - not the project itself.

** Visual Studio 2022 Developer Command Prompt v17.10.0-pre.4.0
** Copyright (c) 2022 Microsoft Corporation

C:\source\benabt\ba-StrongOf>sn -k MySolutionName.snk

Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30319.0
Copyright (c) Microsoft Corporation.  All rights reserved.

Key pair written to MySolutionName.snk

The file MySolutionName.snk is now located next to the solution file - in this example MySolutionName.sln.

Next, the public key is extracted with the command sn -p MyKeyName.snk MyPublic.snk; another binary file. The public key contains a key that is required for the next steps.
The command that displays the public key as a hash is executed:

C:\source\benabt\ba-StrongOf>sn -tp public.snk

Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30319.0
Copyright (c) Microsoft Corporation.  All rights reserved.

Public key (hash algorithm: sha1):

Now we are ready to sign

Configure projects

Usually all projects in a solution are signed and all use the identical identity signing key pair.

The easiest way to configure this is via the Directory.Build.props, so that this central path configures all projects; alternatively, all subsequent configurations can also be configured individually directly in the csproj files, with increased effort.

The Directory.Build.props is extended by the following entries:



Once the public key has been entered here, the public key file (in this case public.snk) can be deleted from the file system.

The configuration is now complete. All assemblies are now automatically signed during the build process 🎉


The sn -vf MyAssembly.dll command can now be used to check whether the signing was successful. This works both locally during development time and with the assemblies that are located in the NuGet package, for example.

C:\source\benabt\ba-StrongOf>sn -vf StrongOf.dll

Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30319.0
Copyright (c) Microsoft Corporation.  All rights reserved.

Assembly 'StrongOf.dll' is valid


Open source examples that use SNK signing: