PublicSign - KirillOsenkov/Bliki GitHub Wiki

All of the below is only relevant for .NET Framework, not for modern .NET.

https://github.com/dotnet/runtime/blob/main/docs/project/public-signing.md

DelaySign uses zero bytes for the strong name signature of an assembly, and marks the assembly as unsigned. Executing delay signed assemblies requires sn -Vr * to have been run as admin on the machine (equivalently, installing StrongNameHijack.msi).

PublicSign is different because it marks the assembly as properly signed with the public key token, however the signature bytes are still all zero. So it looks like the assembly is properly signed.

The CLR actually never checks whether the signature matches the public key unless the assembly is installed in the GAC (or a couple other exotic scenarios). So with PublicSign we can run assemblies as usual and they will have a proper signature and everything. This is better than DelaySign because it doesn't require strong name verification to be disabled machine-wide.