Key technologies for building shareware in .NET, part II: asymmetric encryption [yysun]


As described in the previous part, .NET provides a license-checking mechanism for shareware development, which lets developers concentrate on how to verify the license.

Encryption is required when a message is sent to the recipient through an untrusted channel. The recipient, in turn, needs a digital signature to confirm that the message comes from the right source. The owner of a shareware program needs to store the user's license on the user's machine in encrypted form, because the owner wants neither to reveal how this information is represented nor to let other people produce the same information themselves.

.NET provides encryption, digital signatures, and the other technologies currently used in network security, which is very useful for shareware. The following shows how to use .NET's RSACryptoServiceProvider.

RSA is an asymmetric encryption technology (asymmetric cryptography): the encryption key and the decryption key are separate and cannot be deduced from each other. Knowing the key used for decryption does not tell you the key used for encryption. This is more secure than symmetric encryption, because shareware always needs a key to decode the registration code. With symmetric encryption, anyone who extracts the decryption key from the program can build a registration code generator. With asymmetric encryption, a registration code generator cannot be built even if the decryption key is leaked.

1. Generate and save the keys

Create a new RSACryptoServiceProvider object, and .NET generates a random key pair.
The RSACryptoServiceProvider object can output the keys as XML.

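// Requires: using System; using System.Security.Cryptography;
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
// true = include the private parameters in the exported XML
Console.WriteLine(rsa.ToXmlString(true));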

This XML must be kept secret. It contains both the private key that the registration code generator uses for encryption and the public key that the program will later use for decryption.

<RSAKeyValue>
  <Modulus>...</Modulus>
  <Exponent>...</Exponent>
  <P>...</P>
  <Q>...</Q>
  <DP>...</DP>
  <DQ>...</DQ>
  <InverseQ>...</InverseQ>
  <D>...</D>
</RSAKeyValue>

2. The registration code generator

From the key XML above you can build the RSACryptoServiceProvider object that the registration code generator needs, and then use the digital signature method to generate the registration code.

SignData produces a digital signature, which is different from plain encryption and decryption.

Suppose the registration code is to carry a statement like this: someone bought my software somewhere at a certain time. With plain encryption and decryption, this sentence is visible after decryption (somewhere in memory). With the digital signature method, what appears after decryption is not the original statement but a hash value computed with a one-way function. This adds a layer of protection for the transmitted information. RSACryptoServiceProvider provides methods for generating and verifying digital signatures directly.

// Requires: using System; using System.Security.Cryptography;
// fileEncoding and GetValue are defined elsewhere in the program (not shown on this page).
private static byte[] CreateKey()
{
    byte[] digestInput = fileEncoding.GetBytes(GetRegistrationInfo());
    RSACryptoServiceProvider rsaAlg = new RSACryptoServiceProvider();
    rsaAlg.ImportParameters(GetPrivateKeyParam());
    // Hash the registration info with SHA-1 and sign the hash with the private key.
    return rsaAlg.SignData(digestInput, new SHA1CryptoServiceProvider());
}

// The text that gets signed: name, purchase time and place of purchase.
private static string GetRegistrationInfo()
{
    return GetValue("name") + GetValue("purchase_time") + GetValue("from");
}

// Each "..." stands for the Base64 value of the matching element in the key XML.
private static RSAParameters GetPrivateKeyParam()
{
    RSAParameters param = new RSAParameters();
    param.D = Convert.FromBase64String("...");
    param.DP = Convert.FromBase64String("...");
    param.DQ = Convert.FromBase64String("...");
    param.Q = Convert.FromBase64String("...");
    param.P = Convert.FromBase64String("...");
    param.Exponent = Convert.FromBase64String("...");
    param.Modulus = Convert.FromBase64String("...");
    param.InverseQ = Convert.FromBase64String("...");
    return param;
}

The private key used for the digital signature is built from the XML. All parameters are required: D, DP, DQ, P, Q, Exponent, Modulus, InverseQ.

3. Verify the digital signature

In the shareware program, build the RSACryptoServiceProvider object needed to verify the digital signature from the key XML, and ask the user to enter their name and the time and place of the software purchase. The statement "someone bought my software somewhere at a certain time" is then checked with RSACryptoServiceProvider against the registration code produced by the registration code generator.

// digestInput: bytes of the registration info the user entered; signed: the registration code.
private static bool VerifyKey(byte[] digestInput, byte[] signed)
{
    RSACryptoServiceProvider rsaAlg = new RSACryptoServiceProvider();
    rsaAlg.ImportParameters(GetPublicKeyParam());
    // True only if the signature matches the SHA-1 hash of digestInput.
    return rsaAlg.VerifyData(digestInput, new SHA1CryptoServiceProvider(), signed);
}

// Only the public half of the key is embedded in the shipped program.
private static RSAParameters GetPublicKeyParam()
{
    RSAParameters param = new RSAParameters();
    param.Exponent = Convert.FromBase64String("...");
    param.Modulus = Convert.FromBase64String("...");
    return param;
}

The public key used to verify the digital signature is built from the XML. Only two parameters are needed: Exponent and Modulus. If someone extracts the public key from the program itself, it is of little use to them.
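
The three steps above put together in one program, as an added example that is not the original article's code. It assumes .NET Framework 4.6 or later (or .NET Core 3.0 or later), uses a 2048-bit key and SHA-256 where the article uses SHA-1, and length-prefixes each field instead of concatenating them; the names LicenseDemo, Canonical, Sign and Verify and the sample registration data are made up for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LicenseDemo
{
    // Length-prefix every field so that ("ab","c") and ("a","bc") are signed as
    // different byte strings; plain concatenation would make them identical.
    static byte[] Canonical(params string[] fields)
    {
        var sb = new StringBuilder();
        foreach (string f in fields) sb.Append(f.Length).Append(':').Append(f);
        return Encoding.UTF8.GetBytes(sb.ToString());
    }

    // Vendor side: needs the full key XML, i.e. ToXmlString(true).
    static byte[] Sign(string privateXml, byte[] data)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(privateXml);
            return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    // Client side: only Modulus and Exponent, i.e. ToXmlString(false), ship in the program.
    static bool Verify(string publicXml, byte[] data, byte[] signature)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(publicXml);
            return rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        var key = new RSACryptoServiceProvider(2048); // explicit size, not the constructor default
        string privateXml = key.ToXmlString(true);    // stays with the vendor
        string publicXml = key.ToXmlString(false);    // embedded in the shipped program
        // Constructed sample registration data: name, purchase time, place of purchase.
        byte[] code = Sign(privateXml, Canonical("Alice Example", "2024-01-15", "online store"));
        Console.WriteLine(Verify(publicXml, Canonical("Alice Example", "2024-01-15", "online store"), code)); // genuine data
        Console.WriteLine(Verify(publicXml, Canonical("Alice Exampl", "e2024-01-15", "online store"), code)); // field boundary shifted
        try { Sign(publicXml, Canonical("Mallory", "2024-01-15", "online store")); }
        catch (CryptographicException) { Console.WriteLine("the public key alone cannot sign"); }
    }
}
```

The second check uses the same characters as the first with one field boundary moved, which the article's GetRegistrationInfo concatenation would treat as the same registration data.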

Of course, obtaining the key is not the only way to crack a program. In a brute-force crack, the attacker decompiles your program, replaces your public key with their own, and pairs it with their own registration code generator, and then the signature check no longer protects you; or they decompile the LicenseProvider mentioned earlier, or ..., and there are many other methods.

Whether the license-checking mechanism provided by .NET and asymmetric encryption are of any use depends on how well the program is obfuscated. That is the subject of the next article.
