Use. NET with the function of making a simple registration code

Encryption helps protect data from being viewed and modified, and can help provide secure communication on this insecure channel. For example, you can encrypt data by using cryptographic algorithms, transfer data in encrypted state, and then decrypt data by a predetermined receiver. If the third party intercepts the encrypted data, it is difficult to decrypt the data.

To achieve these goals, you can use a combination of algorithms and conventions, called cryptographic primitives, to create an encryption scheme. Includes private key cryptography (symmetric encryption), public key Cryptography (asymmetric encryption), cryptographic signatures, and cryptographic hashes.

We use public key cryptography (asymmetric encryption) to implement the algorithm of the registration code.

Public key cryptography uses a private key that must be kept secret from unauthorized users and a public key that can be exposed to anyone. Both the public and private keys are mathematically associated, data encrypted with the public key can only be decrypted with the private key, and the data signed with the private key can only be authenticated with the public key.

For the registration code, we use the private key to sign a string (user name), and then use the public key to authenticate the signature (the registration code). Because the public key can only be used for authentication, we are assured that the public key is distributed, and the private key is used for signature, so the private key is kept in the developer's hands. This will achieve the purpose of registration certification. Software that is currently registered using user name, registration code mode should be using this technology.

First we build a public and private key that we want to use.

Private RSA as New Security.Cryptography.RSACryptoServiceProvider

The RSACryptoServiceProvider class provides implementations of the RSA algorithm to perform asymmetric encryption and decryption. By toxmlstring, we can generate the public and private keys we need.

Rsa. Toxmlstring (False)

Rsa. Toxmlstring (True)

When the argument is false, only the public key is generated and true, and the public and private keys are all generated. We generally get a public key string by toxmlstring (False), and a private key string (although it contains a public key) via Toxmlstring (True). We can save these two keys on this machine, defined and used by string constants. This means that our registration information will use a unique public and private key.

We then sign the specified string with the public key and the private key.

Rsa. Fromxmlstring (Private_key)

Dim F as New Security.Cryptography.RSAPKCS1SignatureFormatter (RSA)

F.sethashalgorithm ("SHA1")

Dim source () as Byte = System.Text.ASCIIEncoding.ASCII.GetBytes (UID)

Dim sha as New Security.Cryptography.SHA1Managed

Dim result () as Byte = Sha.computehash (source)

Dim regkey () as Byte = F.createsignature (Result)

SerialNumber = convert.tobase64string (regkey)

Reinitialize the RSA object with the private key you just obtained, and then sign the RSAPKCS1SignatureFormatter class. We convert the input string into a byte array (our default username can only consist of ASCII characters), and the hash value is computed by the SHA1-Hudson algorithm. The CreateSignature method is then used to sign the resulting Hudson value. Finally we convert the resulting byte array into a string as the registration code. This is the process of generating the registration code. We can use this program repeatedly to sign different user names to get the different registration code corresponding to them.

Finally we verify the username and registration code we just obtained.

Rsa. Fromxmlstring (Public_key)

Dim F as New Security.Cryptography.RSAPKCS1SignatureDeformatter (RSA)

F.sethashalgorithm ("SHA1")

Dim key () as Byte = Convert.frombase64string (serialnumber)

Dim sha as New Security.Cryptography.SHA1Managed

Dim name () as Byte = Sha.computehash (System.Text.ASCIIEncoding.ASCII.GetBytes (UID))

result = F.verifysignature (name, key)

This time we use the public key to initialize the RSA object and then verify the signature through the RSAPKCS1SignatureDeformatter class. We convert the resulting registration code back into an array of bytes, and the user name is Hasi to get the value of the hash. Finally, it is validated by VerifySignature.

From the above program can be seen, the generation of registration code requires the private key (private key with the public key information), and can generate any number of user names, registration code pairs. And through the public key, we can only authenticate and not build. So the public key can be relieved to all users to authenticate, while the private key is not. So the public key and authentication algorithm can be included in the release version. Because even if the user got the public key and authentication algorithm can not be easily cracked.

Now the popularity of the Register on the network, to a large extent, is to crack the software's private key, so as to achieve unlimited generation of required registration information. However, if the user decompile your product and change the intermediary code, it will bypass the registration logic. This is not a problem that can be solved by this article. Because that is, you use the Web service technology for online activation or registration, or you can listen to the network to analyze the server's information, simulate a fake server to do.