Clarification regarding public key token of .NET Assembly

Question

Quote from Wikipedia : "A public key token. This is a 64-bit hash of the public key which corresponds to the private key used to sign1 the assembly. A signed assembly is said to have a strong name." [Source : http://en.wikipedia.org/wiki/.NET_assemblies]

Is this correct? I feel this is not consistent with the explanation that follows: "Signing the assembly involves taking a hash of important parts of the assembly and then encrypting the hash with the private key. The signed hash is stored in the assembly along with the public key."

Is the first quote correct. Can you please explain the process of signing in simple terms.

EDIT: My question is whether it is the public key that is hashed or is the hash encrypted using the key?

Answer 1

The public key token is based on the key used to sign an assembly, so if you take two assemblies and sign them with the same key, their public key token will be the same.

However, their signature (the data added to assembly by the signing process) will not be the same, as that is based on the assembly contents as well as the key.

Answer 2

MSDN is always your best (and almost invariably perfectly accurate) source on this sort of thing. From the page on Creating and Using Strong-Named Assemblies:

A strong name consists of the assembly's identity — its simple text name, version number, and culture information (if provided) — plus a public key and a digital signature. It is generated from an assembly file using the corresponding private key. (The assembly file contains the assembly manifest, which contains the names and hashes of all the files that make up the assembly.)

So Wikipedia would appear to be vaguely right, but not telling the full story there.

That MSDN page also links to some articles that go into more depth about strong-name signing of .NET assemblies.