This is only useful if you can get the original signing key from @loudej, he's been pretty tight lipped on the subject.

Excuse me? I answered @Eilon when he asked about that last year. The snk with thumbprint f0ebd12fd5e55cc5 was encrypted as .snk.gpg and commited rather than added to git directly as a .snk file. That said - that was 6 years ago and the build files have been relocated a few times and I can't find a copy of the .gpg file - or the backup of the key to decrypt it.

Your options are: (1) use the CLR team's trick to delay-sign-and-change-the-bit so an assembly has the correct strong name but wouldn't pass an actual verification, (2) create a new snk for the oss owin dll and check it into git like this one as a non-secret-strong-name [ like this one https://github.com/owin/owin.dll/blob/76a8da01093efc2a239858832ba3d65c6485e5b3/src/main/Owin/Owin.snk ], (3) create a new snk and do a better job than I did keeping track of it.

Thanks @loudej, I hadn't seen you chime in on this before.

@Tratcher can we move this to the aspnet org?

@muratg @Eilon

Geez, was this really 6 years ago?