tag:help.appveyor.com,2012-11-13:/discussions/questions/17515-signing-net-assemblies-by-passing-the-publicprivate-pair-keyAppVeyor: Discussion 2018-08-25T02:26:47Ztag:help.appveyor.com,2012-11-13:Comment/446954632018-02-09T17:58:11Z2018-02-09T17:58:11ZSigning .NET assemblies by passing the public/private pair key<div><p>I would recommend to use <a href="https://www.appveyor.com/docs/build-configuration/#secure-variables">secure variable</a>. It is safe to keep your secrets in encrypted form in public repo.</p></div>Ilya Finkelshteyntag:help.appveyor.com,2012-11-13:Comment/446954632018-02-09T18:04:16Z2018-02-09T18:04:16ZSigning .NET assemblies by passing the public/private pair key<div><p>Thank you for suggestion Ilya but I don't have string but rather then file like file1.snk.</p></div>kosunixtag:help.appveyor.com,2012-11-13:Comment/446954632018-02-09T18:07:33Z2018-02-09T18:07:33ZSigning .NET assemblies by passing the public/private pair key<div><p>Sorry missed that. Then use <a href="https://www.appveyor.com/docs/how-to/secure-files/">secure file</a>.</p></div>Ilya Finkelshteyntag:help.appveyor.com,2012-11-13:Comment/446954632018-02-10T10:09:28Z2018-02-10T10:09:28ZSigning .NET assemblies by passing the public/private pair key<div><p>Great advice and it works fine. I think about completelly delete any private key even encrypted from repo? Is it possible current scenario? Because based on approach with secure file I need to hold in repo public.key to support delay siging assemblt by strong name and private encrypted.key. A lot of secure info available public :)</p></div>kosunixtag:help.appveyor.com,2012-11-13:Comment/446954632018-02-10T11:55:52Z2018-02-10T11:55:52ZSigning .NET assemblies by passing the public/private pair key<div><p>You have to hold some secret in encrypted form in repo anyway. If it is not file, then encrypted base-64 string or encrypted password to network storage whith you private key.</p>
<p>To avoid any secrets in repo you can use private build server. It is possible with <a href="https://www.appveyor.com/docs/build-environment/#private-build-cloud">private build cloud</a> where you can have your own build VMs. This option is available for Premium accounts now (trial is free). You can even install you own AppVeyor (not only build VMs) on your premises or private cloud with <a href="https://www.appveyor.com/docs/enterprise/">AppVeyor Enterprise</a>.</p></div>Ilya Finkelshteyntag:help.appveyor.com,2012-11-13:Comment/446954632018-02-13T16:25:17Z2018-02-13T16:25:17ZSigning .NET assemblies by passing the public/private pair key<div><p>I see your point. Is it possible to use similar to secure-file as tool for exctraction private-public key pair from key.snk then encrypt content of file and represent as base64 string that can be used later as secure variable?<br>
It is allows me to delete encrypted file from repo and hold in one place one encrypted variable.</p></div>kosunixtag:help.appveyor.com,2012-11-13:Comment/446954632018-02-13T16:25:26Z2018-02-13T16:25:26ZSigning .NET assemblies by passing the public/private pair key<div><p>I see your point. Is it possible to use similar to secure-file<br>
<a href="https://www.nuget.org/packages/secure-file/">https://www.nuget.org/packages/secure-file/</a> as tool for exctraction<br>
private-public key pair from key.snk then encrypt content of file and<br>
represent as base64 string that can be used later as secure variable?<br>
It is allows me to delete encrypted file from repo and hold in one place<br>
one encrypted variable.</p></div>kosunixtag:help.appveyor.com,2012-11-13:Comment/446954632018-02-13T17:07:52Z2018-02-13T17:07:52ZSigning .NET assemblies by passing the public/private pair key<div><p>Please look at <a href="https://gist.github.com/IlyaFinkelshteyn/e72d57d1a8870b2e888de067a51868c1">this sample</a>. This is not exactly what you ask about but very similar. You do not need <code>secure-file</code> with this scenario, you convert what you need <strong>to</strong> Base-64 string and then encrypt this on your machine. Then you check-in encrypted value to your repo. Decode and and convert <strong>from</strong> Base-64 during the build.</p></div>Ilya Finkelshteyn