aws / aws-secretsmanager-caching-net

The AWS Secrets Manager .NET caching client enables in-process caching of secrets for .NET applications.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_cache-net.html
Apache License 2.0

Assembly is not signed (1.0.4) #29

Open bthharper opened 2 years ago

bthharper commented 2 years ago

I have tried using the latest NuGet package with an application that is signed, however, I am unable to due to the lack of signing. I see an issue was already raised for this #20, but I could not see how to reopen that.

Could you please provide a version that is signed?

simonmarty commented 2 years ago

signtool.exe verify Amazon.SecretsManager.Extensions.Caching.dll

========================================
SignTool Error: A certificate chain processed, but terminated in a root
        certificate which is not trusted by the trust provider.

Number of errors: 1

Looking into this

simonmarty commented 2 years ago

.\signtool.exe verify /pa Amazon.SecretsManager.Extensions.Caching.dll
Index  Algorithm  Timestamp
========================================
0      sha256     RFC3161

Successfully verified: Amazon.SecretsManager.Extensions.Caching.dll

/pa Specifies that the Default Authentication Verification Policy is used.

The library is signed.

paulhickman-a365 commented 2 years ago

Signing an assembly with "signtool.exe" is different to signing it with "sn.exe". Signtool just confirms who the author is and is a general Windows executable thing. Sn is a .NET-specific thing, and gives the assembly a strong name.

In order to be used from strongly named code, you need to sign it with sn. This is the way the AWSSDK packages are signed.

SngThk2014 commented 1 year ago

@simonmarty: I am also waiting for a signed version of the Amazon.SecretsManager.Extensions.Caching package. Context: I got the latest package in NuGet, version 1.0.5. I followed this old post https://buffered.io/posts/.net-fu-signing-an-unsigned-assembly-without-delay-signing/ and used ildasm to disassemble, then assembled it with my .snk file. Then from my project, I referenced the signed Amazon.SecretsManager.Extensions.Caching.dll. Build passed. But runtime failed with FileNotFoundException: Could not load file or assembly 'Amazon.SecretsManager.Extensions.Caching, Version=1.0.0.0, Culture=neutral, PublicKeyToken=18f70fc3a4015cc8' or one of its dependencies. The system cannot find the file specified.

I checked all the dlls referenced by Amazon.SecretsManager.Extensions.Caching and found that they are all signed, so not sure how to fix this.
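
The two kinds of signing discussed in this thread (Authenticode via signtool.exe, strong naming via sn.exe) are independent properties of a file and can be inspected side by side. The PowerShell function below is an added example, not part of any comment above and not code from the AWS project; the function name `Get-AssemblySigningInfo`, its parameters, the `.\bin\Debug` path and the token placeholder are assumptions for illustration.

```powershell
# Added example: report Authenticode status and strong-name identity per DLL.
function Get-AssemblySigningInfo {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path,

        # Optional: the PublicKeyToken a strong-named caller asks for (hex string),
        # for example copied from an assembly load error.
        [string]$ExpectedToken
    )
    process {
        $resolved = (Resolve-Path -LiteralPath $Path).ProviderPath

        # Authenticode: publisher certificate embedded in the PE file.
        # This is the property that "signtool.exe verify /pa" checks.
        $auth = Get-AuthenticodeSignature -FilePath $resolved

        # Strong name: part of the .NET assembly identity. GetAssemblyName reads
        # the manifest without loading the assembly into the process.
        try {
            $name = [System.Reflection.AssemblyName]::GetAssemblyName($resolved)
        } catch {
            Write-Verbose "$resolved is not a managed assembly: $_"
            return
        }

        $bytes = $name.GetPublicKeyToken()
        $token = if ($bytes -and $bytes.Length -gt 0) {
            -join ($bytes | ForEach-Object { $_.ToString('x2') })
        } else { $null }   # $null means the assembly has no strong name

        [pscustomobject]@{
            File            = Split-Path -Leaf $resolved
            Authenticode    = $auth.Status      # Valid, NotSigned, UnknownError, ...
            AssemblyVersion = $name.Version
            PublicKeyToken  = $token
            # A token only shows that a public key is embedded; it does not prove
            # the strong-name signature is intact ("sn.exe -vf <file>" checks that).
            MatchesExpected = if ($ExpectedToken) { $token -eq $ExpectedToken } else { $null }
        }
    }
}

# Hypothetical usage: inspect every DLL in a build output folder.
Get-ChildItem .\bin\Debug -Filter *.dll |
    Get-AssemblySigningInfo -ExpectedToken '<expected-token>' |
    Format-Table -AutoSize
```

A file can show `Authenticode = Valid` with an empty `PublicKeyToken`, which is the situation the signtool output and the sn.exe comment above describe.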