
PublicSign does not work when supplied with a full private key

Open vcsjones opened this issue 1 year ago • 0 comments

The --publicsign+ (or PublicSign project property) option used for public-signing projects does not work when the supplied strong name key is a full public/private key pair.

Steps to reproduce.

  1. Generate a strong name key pair (sn -k mykeypair.snk)

  2. Create a project that looks like this

    <Project Sdk="Microsoft.NET.Sdk">
    
      <PropertyGroup>
        <OutputType>Exe</OutputType>
        <TargetFramework>net8.0</TargetFramework>
        <RootNamespace>fsharp_scratch</RootNamespace>
        <SignAssembly>True</SignAssembly>
        <AssemblyOriginatorKeyFile>mykeypair.snk</AssemblyOriginatorKeyFile>
        <PublicSign>true</PublicSign>
      </PropertyGroup>
    
      <ItemGroup>
        <Compile Include="Program.fs" />
      </ItemGroup>
    
    </Project>
    

Attempting to build this project will result in

A problem occurred writing the binary 'obj\Debug\net8.0\refint\fsharp-scratch.dll': A call to StrongNameSignatureSize failed (Invalid Public Key blob)

Note that public signing does work correctly if you supply it with just the public key.

  1. Extract the public key using sn -p mykeypair.snk publickey.snk
  2. Change the AssemblyOriginatorKeyFile to publickey.snk
  3. Observe that public signing works.

In theory public signing, even with the full public/private key pair, should still work because the public key is a subset of the private key.

The C# / Roslyn toolset is able to use the full private key when used with publicsign.


As for the use case of why this is useful, this was reported by Red Hat / @omajid. They are trying to utilize PublicSign in their build process because full-signing does not work. Full signing does not work there because strong naming requires using the RSA+SHA1 signature algorithm, and that signature algorithm does not work on their systems because it is deprecated.

More background on the issue is available at https://github.com/dotnet/runtime/issues/105486

vcsjones, Jul 26 '24 14:07
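The issue's point that the public key is a subset of the key pair can be shown at the byte level. The following is an added example, not code from the issue or from the F# or Roslyn compilers: it derives the public key blob from a full key pair, which is what step 1 of the workaround does with sn -p. It assumes the classic CryptoAPI RSA blob layout and the SHA-1 hash algorithm id; the function names and the filler-byte sample key are constructed for illustration.

```python
import struct

CALG_RSA_SIGN, CALG_SHA1 = 0x00002400, 0x00008004
PRIVATEKEYBLOB, PUBLICKEYBLOB = 0x07, 0x06

def public_blob_from_snk(data: bytes) -> bytes:
    """Return the strong-name public key blob for the contents of an .snk file.

    A full key pair (CryptoAPI PRIVATEKEYBLOB) is reduced to its public part;
    a file that already holds only the public key is returned unchanged.
    """
    if len(data) < 32:
        raise ValueError("too short to be a strong name key")
    btype, version, _reserved, alg = struct.unpack_from("<BBHI", data, 0)
    magic, bitlen, pubexp = struct.unpack_from("<4sII", data, 8)
    if btype == PRIVATEKEYBLOB and magic == b"RSA2":
        if version != 2 or alg != CALG_RSA_SIGN or bitlen % 16:
            raise ValueError("unsupported key pair header")
        n = bitlen // 8
        # BLOBHEADER(8) + RSAPUBKEY(12) + modulus(n) + p, q, dP, dQ, qInv (n/2 each) + d(n)
        if len(data) != 20 + n + 5 * (n // 2) + n:
            raise ValueError("key pair length does not match its bit length")
        rsa_pub = (struct.pack("<BBHI", PUBLICKEYBLOB, 2, 0, CALG_RSA_SIGN)
                   + struct.pack("<4sII", b"RSA1", bitlen, pubexp)
                   + data[20:20 + n])  # modulus only; private fields are dropped
        return struct.pack("<III", CALG_RSA_SIGN, CALG_SHA1, len(rsa_pub)) + rsa_pub
    # Public-only layout: SigAlgID, HashAlgID, cbPublicKey, then a PUBLICKEYBLOB.
    _sig, _hash, cb = struct.unpack_from("<III", data, 0)
    if cb == len(data) - 12 and data[12] == PUBLICKEYBLOB and data[20:24] == b"RSA1":
        return data
    raise ValueError("not a recognised strong name key blob")

def constructed_keypair(bits: int = 1024) -> bytes:
    """Constructed sample with filler bytes in place of real RSA values."""
    n = bits // 8
    filler = (bytes(range(1, 256)) * 8)[: n + 5 * (n // 2) + n]
    return (struct.pack("<BBHI", PRIVATEKEYBLOB, 2, 0, CALG_RSA_SIGN)
            + struct.pack("<4sII", b"RSA2", bits, 65537) + filler)

if __name__ == "__main__":
    pair = constructed_keypair()
    public = public_blob_from_snk(pair)
    print(len(pair), "byte key pair ->", len(public), "byte public key blob")
    print(public[:32].hex(" "))
```

A tool that accepts either file only needs to tell the two layouts apart by their leading bytes, which is what the first branch does.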