Strong Name and Authenticode [Office 2003 SDK Documentation]

To ensure data integrity and authenticity of an assembly, strong names are used. Strong names are created using the strong name utility (sn.exe) and implemented using public-key cryptography. Strong names ensure shared assemblies have globally unique names; a strong name comprise a simple text assembly name, version number, culture information, public key and digital signature.

Strong names and Microsoft Authenticode serve different goals. Authenticode, while using public-key cryptographic protocols for data integrity, goes much further. It also uses a hierarchical system of trusted authorities to verify that someone who claims to be a software publisher of a file is its publisher indeed. In particular, Authenticode implies a level of trust associated with a software publisher, while strong names do not.

Strong names are an integral part of an assembly's content and build process. Every strong-named assembly references other assemblies by their strong names. Doing this ensures that at runtime the assembly will use those exact assemblies it was linked with, thus resolving DLL conflicts. On the other hand, Authenticode signature is stored in an assembly's Portable Executable (PE) header and is often used in addition to strong names to establish trust of an assembly. This is also why an assembly must be strong named before it is signed with Authenticode.