What is the difference between Strong Name signatures and Authenticode Signatures?
Both Strong Names and Authenticode signatures are a cryptographically strong way to identify a specific software publisher, as well as a means to prevent tampering with an assembly after it has been signed. However, Strong Names do not include in a cryptographically strong way the actual name of the software publisher, while Authenticode signatures do. Strong names only provide you with the key of the signer and therefore only allow you to ascertain that the assembly indeed came from a source that you have already determined to trust based on evidence external to the Strong Name infrastructure. Strong Names also lack the Public Key Infrastructure support available for Authenticode signatures. For instance, there is no trusted third party that associates a Strong Name key pair with a specific physical signer identity, while that is the case for Authenticode. Nor is there a Strong Name key revocation system.
