I've been looking at this all day. I probably should have walked away from it hours ago; I might be missing something obvious at this point.
Short version: Is there a way to generate and boil down an asymmetrically encrypted hash to a reasonable number of unambiguous, human readable characters?
Long version:
I want to generate license keys for my software. I would like these keys to be of a reasonable length (25-36 characters) and easily read and entered by a human (so avoid ambiguous characters like the number 0 and the capital letter O).
Finally--and this seems to be the kicker--I'd really like to use asymmetric encryption to make it more difficult to generate new keys.
I've got the general approach: concatenate my information (user name, product version, a salt) into a string and generate a SHA1() hash from that, then encrypt the hash with my private key. On the client, build the SHA1() hash from the same information, then decrypt the license with the public key and see if I've got a match.
Since this is a Mac app, I looked at AquaticPrime, but that generates a relatively large license file rather than a string. I can work with that if I must, but as a user I really like the convenience of a license key that I can read and print.
I also looked at CocoaFob which does generate a key, but it is so long that I'd want to deliver it as a file anyway.
I fooled around with OpenSSL for a while but couldn't come up with anything of a reasonable length.
So...am I missing something obvious here? Is there a way to generate and boil down an asymmetrically encrypted hash to a reasonable number of unambiguous, human readable characters?
I'm open to buying a solution. But I work on a number of different of platforms, so I'd want something portable. Everything I've looked at so far has been platform specific.
Many, many thanks for a solution!
PS - Yes, I know it will still be cracked. I'm trying to come up with something reasonable that, as a user, I would still find friendly.
Asymmetric encryption is also called public key encryption, but it actually relies on a key pair. Two mathematically related keys, one called the public key and another called the private key, are generated to be used together. The private key is never shared; it is kept secret and is used only by its owner.
Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use.
License keys are typically created and delivered via a license generator once a software user has paid for the software and has agreed to the terms and conditions set out in the End-User License Agreement.
To communicate a symmetric key and IV to a remote party, you usually encrypt the symmetric key by using asymmetric encryption. Sending the key across an insecure network without encryption is unsafe because anyone who intercepts the key and IV can then decrypt your data. Aes aes = Aes. Create();
Unfortunately, no. If you make it shorter, you lose information and won't be able to recreate the original hash.
However, here's a couple things you may try:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With