VitaliyMF
commented
1 year ago I've verified the latest NReco.Logging.File nuget version and it is definitely strongly named (you can verify that with help of 'sn.exe' tool):
>sn.exe -vf NReco.Logging.File.dll
Microsoft (R) .NET Framework Strong Name Utility Version 4.0.30319.0
Copyright (c) Microsoft Corporation. All rights reserved.
Assembly 'NReco.Logging.File.dll' is validThis means that it is compiled with <SignAssembly>true</SignAssembly>.
However, this is not a Windows digital signature. As I understand, this digital signature should be specific to concrete vendor / software product, and it is standard practice for open source libs not to use digital signing of DLLs published on nuget. For example, Npgsql (which is official PostgreSQL client library):
If you need digitally signed DLLs for your app I believe that this should be done on your app's build (with help of sn.exe) - and all app's DLLs should be digitally signed with your key.
jwdonahue
jespersh
Windows 11 introduced Smart App Control. One of the security checks for apps is ensuring that the app and its binaries are signed. Because NReco.Logging.File does not sign its binaries, software using it will be blocked from running when Smart App Control is enabled.
Please sign DLLs produced for NReco.Logging.File.
https://support.microsoft.com/en-us/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003
NReco.Logging.File (unsigned):
Microsoft dll (signed):