There is such a joke: a completely drunk man sits in the cab and the driver asks him where to get him:
—"Where to?"
—"None of your business, you swine!"
Maybe your security department is like that drunk passenger. No, it cannot make any sense. You cannot produce a signed DLL without having the full key pair. The private key is never provided to the user, cannot be restored based on the public key and data, and it is needed for something; isn't it logical? And you really need to understand how public-key cryptography works:
http://en.wikipedia.org/wiki/Public-key_cryptography,
http://en.wikipedia.org/wiki/Digital_signature.
Actually, it can be a manifestation of the well-known organizational anti-pattern named "moral hazard":
http://en.wikipedia.org/wiki/Anti-pattern,
http://en.wikipedia.org/wiki/Moral_hazard.
For the really paranoid organizations, like yours (however, I doubt that working in your organization is possible at all), there is a mechanism of delayed key signing:
http://msdn.microsoft.com/en-us/library/t07a3dye%28v=vs.110%29.aspx.
What to do? Maybe you need to contact some level of your administration and delicately hint that some idiots present in the structure totally sabotage the whole part of the business. But first, you need to learn and understand things yourself. But again, this case is so pathological that it rather belongs to one of those sites collecting comical computer absurdities. Not sure that working in your company is possible for a mentally healthy person.
—SA
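
The delay-signing mechanism mentioned in the answer above, sketched as an added example that is not part of the original answer: developers build against the public key only, and the private key is applied later by whoever holds it. The file names (`CompanyKey.snk`, `CompanyPublic.snk`, `Lib.cs`, `Lib.dll`) are assumed placeholders; `sn` and `csc` are run from a Visual Studio developer command prompt.

```powershell
# Added example: delay-signing workflow. All file names are assumed placeholders.

# --- Key holder (security or release team), done once ---
# Generate the full key pair. This file contains the private key and
# stays in restricted storage; it is never handed to developers.
sn -k CompanyKey.snk

# Extract only the public key. This file can be distributed freely.
sn -p CompanyKey.snk CompanyPublic.snk

# --- Developer, who has only CompanyPublic.snk ---
# Build with the public key and delay signing: the assembly gets its
# strong-name identity and reserved signature space, but no signature.
csc /target:library /keyfile:CompanyPublic.snk /delaysign+ /out:Lib.dll Lib.cs

# At this point the assembly does not verify as validly signed.
sn -v Lib.dll

# Development machines only: register the assembly so the runtime
# skips strong-name verification and it can be loaded for testing.
sn -Vr Lib.dll

# --- Key holder, at release time ---
# Re-sign the delay-signed assembly with the full key pair.
sn -R Lib.dll CompanyKey.snk

# Confirm the signature now verifies.
sn -v Lib.dll

# --- Developer clean-up ---
# Remove the verification-skip entry so the machine checks signatures again.
sn -Vu Lib.dll
```

The skip-verification entry created by `sn -Vr` weakens strong-name checking on that machine, so it belongs on development and test machines only and is removed with `sn -Vu` when no longer needed.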