Channel: Recent Threads — Xamarin Community Forums

Mono strongname verification failing


This is a cross-post.

I am using a Xamarin build of Mono on Ubuntu.

At some point in the past (while I was using the stock, ancient monodevelop from the Ubuntu repo) the following approach worked:

  1. sn -k mykey.snk
  2. In the .csproj, set to the above .snk
  3. In the same .csproj, set to true
  4. At runtime, self-verify the .exe by mimicking the Mono sn tool using this source:

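    using System.Reflection;              // AssemblyName
    using System.Security.Cryptography;   // RSA
    using Mono.Security;                  // StrongName
    using Mono.Security.Cryptography;     // CryptoConvert

    private static bool IsStrongNameSigned(string fileName)
    {
        // For details see
        // https://github.com/mono/mono/blob/master/mcs/tools/security/sn.cs

        // The assembly's public key is a 12-byte strong-name header
        // followed by a 148-byte CAPI public key blob (1024-bit RSA).
        const int keySize = 12, blobSize = 148;

        var an = AssemblyName.GetAssemblyName(fileName);
        byte[] publicKey = an.GetPublicKey();

        // No public key, or one too short to hold the header plus the blob.
        if (publicKey == null ||
                publicKey.Length < keySize + blobSize)
            return false;

        // Skip the header and load the RSA public key from the CAPI blob.
        using (RSA rsa = CryptoConvert.FromCapiPublicKeyBlob(
                                 blob: publicKey, offset: keySize))
        {
            // Check the embedded signature against that key.
            var sn = new StrongName(rsa);
            return sn.Verify(fileName);
        }
    }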

Now, if I attempt the above, sn.Verify() returns false even though the project has explicitly been told to sign on build.

The failing code is in Mono.Security:

    $ dpkg -S /usr/lib/mono/4.5-api/Mono.Security.dll
    mono-devel: /usr/lib/mono/4.5-api/Mono.Security.dll

    $ apt-cache show mono-devel
    Package: mono-devel
    Source: mono
    Version: 5.0.1.1-0xamarin5+debian7b1
    Architecture: all
    Maintainer: Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>
    Installed-Size: 75560
    ...

Upon debugging, it seems that the specific point of failure is in StrongHash. The signature is indeed read, but it consists of an all-zeroes array of 128 bytes.

I can confirm that the MonoDevelop 7.1 IDE is telling csc to use a key; note the presence of /publicsign+ and /keyfile:

    /usr/lib/mono/4.5/csc.exe /noconfig /nowarn:1701,1702,2008
        /nostdlib+ /platform:anycpu32bitpreferred
        /errorreport:prompt /warn:4 /define:DEBUG /errorendlocation
        /preferreduilang:en-CA /highentropyva+ /reference:...\
        /debug+ /debug:portable
        /keyfile:/home/....snk /optimize- /out:....exe
        /subsystemversion:6.00 /resource:gtk-gui/gui.stetic,gui.stetic
        /target:exe /utf8output /publicsign+ ....cs

My questions are:

  • What has changed in Mono that now prevents this approach from working?
  • Is there a better approach to verifying an assembly?
  • Is it the build that's failing to sign the assembly, or the verification code that's failing to find the signature? Is there some separate tool that can confirm which is the case?

Thank you.
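
An added diagnostic for the last question above (not code from the original post or from Mono): it parses the PE and CLI headers directly, without Mono.Security, and reports whether the strong-name signature slot is absent, zero-filled, or populated. The function name and the state labels it returns are assumptions of this example.

```python
import struct
import sys

COMIMAGE_FLAGS_STRONGNAMESIGNED = 0x8  # bit in the CLI header Flags field

def _rva_to_offset(image, rva, sect, nsect):
    """Map an RVA to a file offset by walking the 40-byte section headers."""
    for i in range(nsect):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", image, sect + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return rva - vaddr + rptr
    raise ValueError("RVA 0x%x is not inside any section" % rva)

def strong_name_status(image):
    """Classify the strong-name signature slot of a managed PE image (bytes)."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe, = struct.unpack_from("<I", image, 0x3C)           # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsect, = struct.unpack_from("<H", image, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe + 20)  # SizeOfOptionalHeader
    opt = pe + 24
    magic, = struct.unpack_from("<H", image, opt)
    dirs = opt + (112 if magic == 0x20B else 96)          # PE32+ vs PE32
    cli_rva, _ = struct.unpack_from("<II", image, dirs + 8 * 14)  # CLI header dir
    if cli_rva == 0:
        raise ValueError("no CLI header: not a managed assembly")
    sect = opt + opt_size
    cli = _rva_to_offset(image, cli_rva, sect, nsect)
    flags, = struct.unpack_from("<I", image, cli + 16)
    sn_rva, sn_size = struct.unpack_from("<II", image, cli + 32)  # StrongNameSignature
    result = {"flag_set": bool(flags & COMIMAGE_FLAGS_STRONGNAMESIGNED),
              "sig_size": sn_size}
    if sn_rva == 0 or sn_size == 0:
        result["state"] = "no-signature-slot"   # built without a key
        return result
    off = _rva_to_offset(image, sn_rva, sect, nsect)
    sig = image[off:off + sn_size]
    if len(sig) != sn_size:
        raise ValueError("signature slot runs past end of file")
    # All zeroes: space was reserved but no signature was ever written.
    result["state"] = "signature-present" if any(sig) else "slot-zeroed"
    return result

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        print(strong_name_status(f.read()))
```

A `slot-zeroed` result means the compiler reserved space for the signature but never wrote one, which is what delay signing and public signing (`/publicsign+`) produce, so a verifier is expected to reject the file.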

