index > ClickOnce and Setup & Deployment Projects > Use Encryption and Obfuscation with ClickOnce

Use Encryption and Obfuscation with ClickOnce

Hi,

I am using VS 2005 and like the ClickOnce features a lot. I mainly resoreted to ClickOnce to make use of the AutoUpdate feature. Now my problem is that I don't know how to encrypt and obfuscate the assemblies using my own 3rd party application and then pass them to ClickOnce. Any solution to that?

Thanks

Leedo Sunday, August 03, 2008 3:33 PM

Hi Leedo

You can use Mage.exe command-line tool to create your ClickOnce manifests.

Here is an article on MSDN Walkthrough: Manually Deploying a ClickOnce Application

http://msdn.microsoft.com/en-us/library/xc3tc5xx.aspx

Best Regards

Kira Qian

Kira Qian Wednesday, August 06, 2008 8:52 AM

I'm just guessing here, but I would think you can't obfuscate them after creating the ClickOnce deployment, because it would change the files and the manifest then would not match.

Can you obfuscate after the build but before deployment?

If you obfuscate an assembly and the assembly hasn't change, doesn't the obfuscation make it look changed? In this case, ClickOnce would install all of the assemblies again, rather than just updating the ones that got updated.

RobinS.

GoldMail.com

RobinDotNet Sunday, August 03, 2008 6:08 PM

Hi,

Well, yes my target is to obfuscate and encrypt after the build and before the deployment. I tried doing it but failed. Everytime ClickOnce publishing procedure generates a new build!! I am thinking about doing the clickonce manually using mage and mageui. But I was hoping there is an easier method.

Thanks

Leedo Monday, August 04, 2008 12:24 PM

Hi Leedo

I would like to know why you should encrypt your application and how you can encrypt after build and before deployment? Do you want to make your application safer? Actually, ClickOnce use authenticode to make itself safely.

Authenticode is a Microsoft technology that uses industry-standard cryptography to sign application code with digital certificates that verify the authenticity of the application's publisher. By using Authenticode for application deployment, ClickOnce helps prevent the phenomenon of a "Trojan Horse," where a malicious third party misrepresents a virus or other harmful program as a legitimate program coming from an established, trustworthy source. All ClickOnce deployments must be signed with a digital certificate.

Visual Studio always build the application before deployment if some assembly in your application has been changed. If you really want to avoid the rebuild action. You should use other tool to deploy you application instead of VS.

Best Regards,

Kira Qian

Windows Forms General FAQs
Windows Forms Data Controls and Databinding FAQs

Kira Qian Wednesday, August 06, 2008 7:56 AM

Hi Kira,

Thanks for your input. Well, yes the reason I want to obfuscate and encrypt is to protect the source code. By testing the assembly installed by ClickOnce on any computer you can easily see the CLI and convert it to C# or VB by using a reflector such as Lutz Roeder's .NET Reflector. I am able to do what I want using MSI by preventing my setup project from rebuilding the output project and passing my encrypted files to the setup files instead.

Anyway, the reason I am resorting to ClickOnce is to take advantage of the AutoUpdate features. I hope I can get this resolved soon.

Thanks

Leedo Wednesday, August 06, 2008 8:37 AM

Hi Leedo

You can use Mage.exe command-line tool to create your ClickOnce manifests.

Here is an article on MSDN Walkthrough: Manually Deploying a ClickOnce Application

http://msdn.microsoft.com/en-us/library/xc3tc5xx.aspx

Best Regards

Kira Qian

Kira Qian Wednesday, August 06, 2008 8:52 AM