ILMerge is an excellent tool for “linking” multiple assemblies into one. But one of its switches, /keyfile:, which allows it to sign the resulting merged assembly, only accepts .snk files. It reports no error if you feed it a password-protected .pfx key-pair file, but the resulting assembly is invalid.
>ilmerge /keyfile:some.pfx /out:mergedsome.dll some.dll someother.dll >sn -v mergedsome.dll Microsoft (R) .NET Framework Strong Name Utility Version 3.5.30729.1 Copyright (c) Microsoft Corporation. All rights reserved. mergedsome.dll is a delay-signed or test-signed assembly >sn -R mergedsome.dll some.pfx Failed to read token from assembly -- The public key for assembly 'mergedsome.dll' was invalid.
So ILMerge was generating an assembly that strong name verification reported was delay-signed, and which sn.exe could not re-sign either.
I shot an email off to Mike Barnett and he was very responsive and interested in helping. He suggested that I try an ordinary .snk file (a keypair file not protected with a password) and that worked fine.
So how do you get ILMerge to work with .pfx files? First extract the public key from the pfx file, then use that public key to have ILMerge delay-sign the merged assembly, then use sn.exe to re-sign. Not too bad, really:
>sn -p some.pfx some.pub >ilmerge /keyfile:some.pub /delaysign /out:mergedsome.dll some.dll someother.dll >sn -R mergedsome.dll some.pfx
And now we have an ILMerge’d assembly, signed by your PFX file. Hurray!