Registration key generation

Threads related to Online Activation Panel
Post Reply
Ajax
Posts: 14
Joined: Tue May 27, 2014 1:36 am

Registration key generation

Post by Ajax »

Hello!

I'd like to get a good understanding of how the user registration keys are generated and how activation is carried out when using the Online Activation Panel, so that I can minimize the risk of sharing of licenses or producing key generators (because as far as I know all types of hardware IDs, including the HDD ID, can be spoofed).

This is just my guess on how it works:

1. When a new project is created with the Enigma Protector, an Encryption Constant and a public and private key pair are generated. These three values are constant, generated once per product, or at least once per product version.

2. The private key is used to encrypt those sections specified with the Enigma markers or API. Then the whole application is encrypted using the Encryption Constant.

3. When the user orders the product, he receives an Activation ID. The user starts the protected application and enters the Activation ID. Then the protection code that was injected by the Enigma Protector into the product will find the hardware IDs and send this and the Activation ID to the Activation Panel, to find the user's product order.

4. When the user's order is found, the project's public key and the HW ID are used to generate a unique user registration key. This is sent back to the user and stored in his system.

5. Now that the product is registered, when it is executed the injected Enigma code will first verify that the user registration key matches the public key and the user's hardware IDs. If so, the application continues execution.
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: Registration key generation

Post by Enigma »

Hi Ajax,

Glad to see your message, you are absolutely correct in your thoughts, very glad that our customers are willing to understand how the system works!

Just few small comments:
Ajax wrote:1. When a new project is created with the Enigma Protector, an Encryption Constant and a public and private key pair are generated. These three values are constant, generated once per product, or at least once per product version.
These values are being generated once for a project file. You may really use this project file for multiple products if you wish. This case all these projects will be registered with the same registration key.
Ajax wrote:2. The private key is used to encrypt those sections specified with the Enigma markers or API. Then the whole application is encrypted using the Encryption Constant.
First sentence is not correct, private key is used to generate registration keys only, and nothing more. Encryption Constant is used to encrypt the whole file (if option Registration Features - Common - Encrypt with Encription Constant is enabled), and/or Reg_Crypt markers. Note, instead of Reg_Crypt markers we recommend to use VM Risc markers, as they provide the maximum protection.
Ajax wrote:4. When the user's order is found, the project's public key and the HW ID are used to generate a unique user registration key. This is sent back to the user and stored in his system.
Private key is used to generate a key (as it is a private, only you can see it and only you can generate keys), public key is used to verify the key (as it is public, "anybody" can see and use it without any vulnerability).

All other things are correct!
Ajax
Posts: 14
Joined: Tue May 27, 2014 1:36 am

Re: Registration key generation

Post by Ajax »

Thanks for the quick respone! The process is much clearer now.

Now I'm wondering how the encryption constant is protected within the executable. Is it protected within virtualized segment of code? Otherwise I guess this constant can be extracted and published.
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: Registration key generation

Post by Enigma »

Ajax wrote:Now I'm wondering how the encryption constant is protected within the executable. Is it protected within virtualized segment of code? Otherwise I guess this constant can be extracted and published.
That's very simple, Encryption Constant is stored in the registration key. If you do not have registration key, there is no Encryption Constant, and the application can't be encrypted and run.

Encryption Constant is stored inside the key, not inside the program.
Post Reply