Seems I always end up searching for how to do this as it gets asked a lot. Here is a good link on one way to do it:
Note, the only reason for the tool is to change the public key string in the PE file before it runs SN -R. SN -R *only updates the assembly with a new calculated signature using the private key in the snk file passed on the command line. It does not change the public key string. Therefore, if you sign an assembly, flit a bit, and resign with a *different key pair, it still will not load as the old public key is in the assembly. It will not verify as your trying to verify a signature created with the wrong private key. So if resigning with a different key pair, you also need to change the public key in the PE before you resign it. On the other hand, if you just want to resign the assembly after some byte changes (say a resource string, etc) to update the signature, then you can just use SN -R with the same keypair.snk file and everything will work fine (assuming your modification did not mess up some logic).
It is interesting to note that a hacker could just "zero" out the signature in your assemblies and run SN -V to skip verification checking. That way they could modify your assembly and it will still load as the verify step is skipped. This is basically turning a SN assembly into a delayed signed assembly. So the SN -V works the same way as if it was delayed signed – which it now is. There is really no way to stop this once the assembly is on a users machine assuming they have proper file rights.
See Shawn’s posts for some more depth at: http://blogs.msdn.com/shawnfa/archive/2004/08/20/218049.aspx