Signing assemblies with a .pfx file

From Version 2 of SN tool, there is support for creating strong name key files protected with a private key (that is a .pfx file). Though this is a great improvement over the old .snk file, it is a pain during the development. While opening or debugging the signed projects a dialog box opens that reads “Import Key File”, “This project includes a password-encrypted key used for signing. Enter the password for the key file to import the key file into the local crypto-store database for use.” Even if you enter the correct password, the error persists and says “Error importing key”, “Object already exists”. On building you get the following message error MSB3321: Importing key file “<keyname>.pfx” was canceled.

I faced this issue in VS 2008 on my Windows 7 machine and had to get rid of this error somehow. Accidentally I came to know that if UAC is turned off, the error vanishes. On researching (googling :)) I could find that this is a permission (UAC) related open bug in Visual Studio from VS 2005 through VS 2010 (not verified) and the one and only solution for the time being seems to be Delay Signing. By delay signing your assembly you can get rid of the nag window in Visual Studio and by signing the assembly with your key file before distribution you could achieve the security you want. This though comes with a catch. If you set the project for delay signing, you cannot debug your application as the verification of the strong name fails. To override this verification, you have to add your key file to the list of keys skipped for verification in your machine.

I could not find the steps for delay signing and verification skipping online easily. So I am just recompiling the steps for future reference 🙂

  1. Open a Visual Studio command prompt.
  2. Run the command sn -p <original-key>.pfx <public-key-file>.pk (Export the public key from your .pfx file using the SN tool.)
  3. In the Project Properties Page, Select Signing Tab, Set the key file in Visual Studio to <public-key-file>.pk and check the Delay Sign only option.
  4. To skip the strong name verification, you have two options. Configure the skipping of a particular assembly. sn – Vr <assembly name>
    1. Or Enable skipping for all the assemblies signed with the same key. Personally I preferred this method as there were 4 or 5 assemblies signed with the same .pfx file. To achieve this,
      1. First Run sn -T <assembly-name>. This gives us the public key token for the assembly.For example the output will be something like Public key token is bd91f093f07f35ac.
      2. Now Run sn -Vr *,<public-key-token>. For example sn -Vr *,bd91f093f07f35ac in my case.
  5. When you finally want to ship your assembly Run sn -Rc <assembly-name> <original-key>.pfx

For this to work on 64bit, you need to do these extra steps:

  1. Open a command prompt as Administrator
  2. Go to C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\x64\
  3. Run the same.. sn -Vr *,<public-key-token>

This is to add theverification skip to the 64 bit registry as well.

Advertisements – Easiest Jobsite

redefine: EASY”

This is what my friend and I had in mind when we decided to create a job site.

To make the “Easiest Job site”. A job site which I and most probably you will use without scowling.

With a lot of reusable stuff from Skillda and 2 months of planning and development we have come out with the beta version of our job site – What makes it the easiest is that you don’t have much to do either as a job seeker or a recruiter.

As a job seeker, Just upload your resume on the front page or just email it to Thats it! No more registration or filling up pages of boxes. Our automatic analyzing system picks up the data and tags your resume.

Recruiters too don’t have to pay and register or search for hours to dig up the resumes they want. Type in your filter tags and subscribe. You start getting daily mail from the site with matching resumes.

Isn’t this EASY?

1 Comment

Posted by on October 9, 2008 in Computers, Recruitment, Technology


A bad worker blames his tools. What if bad tool starts blaming?

I have spent my last 4 and a half months learning how you should never execute a (software) project. 🙂

Though a big disappointment and failure, the previous project had changed my view on a lot of stuff especially processes and documentation. I had always considered micro-level documentation to be an avoidable overhead and never believed in process. If you think like me, may be your opinion will change if you know my story.

A project without any proper documentation (scope, requirements, design, project plan…. the list goes on) and a very aggressive deadline. Two months from start of this project is where I landed to lead the project. Was anyone scared if the client will go bad then? Nobody was. Fast forward >> Client denies the original scope. Squeezes in double the agreed upon requirements into the scope. You know what happened in the end? He made us work for 6 months and coolly paid for just the original 3 months.

We were screwed big time just for the lack of process and documentation. You know.. I learned it.


Setting the value for a select list

We come across a lot of instances where we need to set the values of form elements programmatically using client side script. To set the value of a select list (in case of multiple select or single select), the best way to do it is to loop through the options, checking if the value matches and then setting [option].selected = true.

For example:
//here for simplicity i am considering a single select case

function setSelectValue(selectList, val) {
for (option in selectList.options) {
if (option.value == val) {
option.selected = true;

This piece of code will work for almost all web browsers. But not so surprisingly there is a difference in the way IE and other browsers handle the select list. In Firefox a listitem given without a specific value attribute considers the given text as the value. Though IE also gives the same result on post back, while programmatically checking the value of an option it says its undefined. So you cannot use the setSelectValue function for <li>Hello</li> in IE. To make it work for IE you have to explicitly give <li value=”Hello”>Hello</li>.

Not a big deal but it cost me half a day 😉

1 Comment

Posted by on February 22, 2008 in Computers, Internet Explorer, Javascript


The left-right dancing girl – optical illusion cracked

The myth of the left – right brain test and the rotating girl is an interesting read and is a good food for thought. The original post says that if you see her spinning clockwise you are imaginative, ….. or if you see her anti-clockwise you are logical, … and if you can see her spin both ways, you are a genius 😉

I got this forward from a friend and we figured it out and then googled to see what others were saying. Believe me you can find framewise analysis, physiological theories, to plain wonder.

Wanna know how to see the girl spin both ways? Just look at it from 2 different angles. Either tilt the monitor or move your head sideways. It is just a trick of optical angle.

My friend and I were looking at it and both of us always seem to see the exact opposite and then suddenly it occured to us to just turn the monitor towards the other guy, We discovered at that instant our perception of how the girl moved changed. It seems to be a trick with the angles.

But It still could have something to do with which half of the brain gets to process it first. Or it could be due to the differential delay in the propagation of the optical impulse to wherever it gets processed. 😉

Dont know what they call it. Hey we are just amateurs. 🙂

P.S. Incase you dont find the original post, you can check it out on my picasa album.

Leave a comment

Posted by on January 24, 2008 in Blogroll, General


Tags: , , ,

Follow your Heart or your Head?

I don’t know how others think. But for me decision making was always simple and fast. “Just follow the heart“. I never cared to think if it was right or wrong. And I forbid myself from regretting my past decision or choices. This thumb rule made me take decisions which at times others thought crazy and outrageous, but always kept me happy.

I have done things like, Starting a company while in college with practically no idea what I was doing, completely neglecting studies (not part of the main plan but just was not there among priorities), Not trying to get a job like “others”, Spending a couple of years after college penniless on the craziest of ideas, Quitting a regular and somewhat satisfying job just to get back to the dream project and millionaire dreams. So as you see life had always been like a roller-coaster ride and I enjoyed it. To be frank this was never easy. But I was following my dreams and passion. And that was my fuel, my cushion on the bumpy ride.

As my responsibilities got bigger, I started getting scared of the risks and decided to have a balance of both, to “Follow the Heart and the Head”. But 3 months from the decision, I hate to say it, I regret Following the Head. My work was my passion and now it has become just my ration.

So… “Here I go again on my own
goin’ down the only road I’ve ever known.
Like a drifter I was born to walk alone.
An’ I’ve made up my mind, I ain’t wasting no more time….

Leave a comment

Posted by on January 12, 2008 in General, Social


Stealing Passwords had never been easier

I have already written once on how web security has taken a back seat thanks to the ever growing popularity of social networking websites. Recently I saw a trend in Orkut where people are setting their homepage to some;. I tried one of those links and saw a replica of the person’s orkut profile over there. I even saw my pic in the friends’ list. But if I try to click on any of the links, a pop-up window comes and asks for my Orkut username and password to continue. To my surprise, all the images were directly from and the exact ones used in Orkut.

I did a little bit of googling looking for any connection between orkut and powerscrap. But it seemed like people are using the latter as an alternative to Orkut in places where it is blocked and were all praise for powerscrap. I believe this must be a trusted site. But someone can use this technique just to snatch you off your username and password too. The sad part is that people are so desperate to network and don’t think twice when asked for username or password.

I think this now leads to the simplest form of social engineering. If you have a website and some web programming knowledge you can just walk away with thousands (at least hundreds) of usernames and passwords. You dont need content or users or even a database :). You can thrive on a popular website’s user-base and just enjoy the free passwords. As my title goes password hacking had never been easier.

  1. Go buy a domain. Even a free sub-domain will do :).
  2. Write code to pull data from Orkut or a similar website.
  3. Send messages to a few giving your url and telling them the ADVANTAGE of using your website.

You are done. In a few days you might be honored for stealing passwords!!

Leave a comment

Posted by on September 19, 2007 in Computers, General, Security, Social