|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
sn.exe exit code documentation ?When one calls sn.exe, what are the expected error codes (errorlevel) in return ? I'm using delay signing. I think about three cases when achieving the final signing: - assembly was signed successfully (seems to be errorlevel 0) - assembly was not signed because it's already signed with the provided key - assembly could not be signed (either because it's already signed with another key, or file not found etc) I could not find anything related to those exit codes in the documentation. Is there any official reference for that ? kind regards Thibaut Barrère [note: this is a cross post from http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=66938 / there is much more traffic here] "Thibaut" <Thib***@discussions.microsoft.com> wrote in message Actually, it'll be resigned anyway, so it should simply appear to be a news:B67FFB0F-BBBB-4CB3-8554-0B924F8FBE04@microsoft.com... > Hi, > > When one calls sn.exe, what are the expected error codes (errorlevel) in > return ? > > I'm using delay signing. I think about three cases when achieving the > final > signing: > - assembly was signed successfully (seems to be errorlevel 0) > - assembly was not signed because it's already signed with the provided > key successful signing (exit code 0). > - assembly could not be signed (either because it's already signed with Again, it'll be resigned anyway (even though, in this case, the assembly > another key, will not be loadable since the signature and the key won't match), so the exit code is 0. > or file not found etc) I know of no documentation regarding the exit codes in sn.exe error scenarios. However, a quick test shows that the exit code is 1 in at least the three following cases: 1. Target assembly does not exist. 2. Signing key container does not exist. 3. Signing key file does not exist. I'm guessing that other error scenarios may also yield the same result code. If you want to be able to distinguish between them, it looks like you'll probably need to capture and process the output messages generated by sn.exe. Show quoteHide quote > > I could not find anything related to those exit codes in the > documentation. > Is there any official reference for that ? > > kind regards > > Thibaut Barrère > > [note: this is a cross post from > http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=66938 / there is > much > more traffic here] > Again, it'll be resigned anyway (even though, in this case, the assembly I may be missing something here, but sn will not resign an assembly that has > will not be loadable since the signature and the key won't match), so the > exit code is 0. already been signed by another key - you will get the "Key pair does not match public key from assembly --" error. You will have to change the public key inside the assembly first and then resign with sn. -- William Stacey [MVP] That would be v. 2.0 behaviour. In v. 1.x, sn.exe doesn't verify the
details of the current key before re-signing with the specified key. Show quoteHide quote "William Stacey [MVP]" <stac***@mvps.org> wrote in message news:ul9MpEEmFHA.3312@tk2msftngp13.phx.gbl... >> Again, it'll be resigned anyway (even though, in this case, the assembly >> will not be loadable since the signature and the key won't match), so the >> exit code is 0. > > I may be missing something here, but sn will not resign an assembly that > has already been signed by another key - you will get the "Key pair does > not match public key from assembly --" error. You will have to change the > public key inside the assembly first and then resign with sn. > > -- > William Stacey [MVP] > > > hmm. I thought I remember the same behavior in 1.1. I don't have a 1.1
build to test with, but assume you tried it already. Do you (or others) know if you can load an already signed assem and resign it in code (in 2.0)? If so, any examples? TIA -- Show quoteHide quoteWilliam Stacey [MVP] "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:OT2M9SEmFHA.2444@tk2msftngp13.phx.gbl... > That would be v. 2.0 behaviour. In v. 1.x, sn.exe doesn't verify the > details of the current key before re-signing with the specified key. > > > > "William Stacey [MVP]" <stac***@mvps.org> wrote in message > news:ul9MpEEmFHA.3312@tk2msftngp13.phx.gbl... >>> Again, it'll be resigned anyway (even though, in this case, the assembly >>> will not be loadable since the signature and the key won't match), so >>> the exit code is 0. >> >> I may be missing something here, but sn will not resign an assembly that >> has already been signed by another key - you will get the "Key pair does >> not match public key from assembly --" error. You will have to change >> the public key inside the assembly first and then resign with sn. >> >> -- >> William Stacey [MVP] >> >> >> > > "William Stacey [MVP]" <stac***@mvps.org> wrote in message Yup.news:O$AENeEmFHA.3552@TK2MSFTNGP10.phx.gbl... > hmm. I thought I remember the same behavior in 1.1. I don't have a 1.1 > build to test with, but assume you tried it already. > Do you (or others) know if you can load an already signed assem and resign I haven't tried it, but I suspect that it's most likely possible. One > it in code (in 2.0)? obvious approach to try would be "reversion" to a delay-signed state in order to apply one's preferred key. Is there any particular reason you're interested in this scenario (other than, say, simple curiosity about the ease of hacking the signature <g>)? Show quoteHide quote > If so, any examples? TIA > > -- > William Stacey [MVP] > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message > news:OT2M9SEmFHA.2444@tk2msftngp13.phx.gbl... >> That would be v. 2.0 behaviour. In v. 1.x, sn.exe doesn't verify the >> details of the current key before re-signing with the specified key. >> >> >> >> "William Stacey [MVP]" <stac***@mvps.org> wrote in message >> news:ul9MpEEmFHA.3312@tk2msftngp13.phx.gbl... >>>> Again, it'll be resigned anyway (even though, in this case, the >>>> assembly will not be loadable since the signature and the key won't >>>> match), so the exit code is 0. >>> >>> I may be missing something here, but sn will not resign an assembly that >>> has already been signed by another key - you will get the "Key pair does >>> not match public key from assembly --" error. You will have to change >>> the public key inside the assembly first and then resign with sn. >>> >>> -- >>> William Stacey [MVP] >>> >>> >>> >> >> > > 
Other interesting topics
Authorization against AD using MC++
Why defaultcredential doesn't use the impersonated user? Java security api - DCE 128bit encryption with .NET SecurityException: Request Failed on CreateInstanceAndUnwrap HttpWebRequest.GetRequestStream - Trust Failure In Windows Service Forms Authentication Not Redirecting To Login Page Runtime error when running caspol w/ -pub -hex Propagate Credentials from Internet Explorer Host Instead of Defau Decrypt file in VB6 encrypted in vb.net <identity impersonat=> problems. |
|||||||||||||||||||||||
