2

The company I work for would like to create some kind of a registration process, where at the end, the user will have to enter a key in order to activate his product.

I've already searched and found few sources that explain how to generate a key. One of them (How to generate and validate a software license key?) suggested taking some data (like registration data, combined with hardware info), and concat it with an private key encryption of the hash over the data, and on all of that, calculate the base32 encoding.

So when the key is entered in the program will decode the base32, calculate the has over the data, and verify with the public key that the signature in the key is valid (so we can be sure that the key came from out company).

I've found out about Bouncy castle, but I don't see any schnorr implementation in it (In fact, I didn't find much of implementation of if in c#). All my efforts on making a small signature failed (The smallest signature I've managed to create was 56 bytes).

So assuming that the data + signature is, lets say, 64 bytes. My base 32 string will be 64 * 8 / 5, which is 103 chars.combined with extra - for delimitation, and making it a little more readable, we get something which is not readable and cannot be dictated by phone (if needed).

So what am I missing? If I need to make a 32 chars key, then I need 20 bytes of data + hash.

How do I do that?

Any example using the .net Cryptography, or the Bouncy Castle (which lack of any c# documentation and examples) would be helpful.

Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
Saragani
  • 96
  • 7

1 Answers1

1

I've learned that ed25519 is based on schnorr, at least from what I have read. Finding implementation for the ed25519 was not too hard. I've found the libsodium.net that uses the libsodium (a c++ lib), which wraps the c++ library.

There is also something called NaCl.Net (salt.net) which is a completely managed version of the libsodium.net. The documentation of the NaCl.Net is missing, and things are not working as I expect (The API is different from the one in the libsodium.Net).

Anyhow, with the libsodium.Net I managed to encrypt a small message and get a small encrypted message.

For example, for a 4 bytes message, I get a 20 bytes of encrypted messages. For an 8 bytes message, I get a 24 bytes message.

The extra 16 bytes are not bad at all (the key size is 32 bytes, which mean 256Bits, which in this algorythm should be good)

Algorithm details

  • Key exchange: Curve25519
  • Encryption: XSalsa20 stream cipher
  • Authentication: Poly1305 MAC

Signing the message creates a larger signed message, but I don't need it.

I'm going to calculate a hash for the data, and generate a key from it (using the encryption).

When the key is received, it's being decrypted, and the given hash is then being compared to the hash that was calculated on the machine.

StayOnTarget
  • 11,743
  • 10
  • 52
  • 81
Saragani
  • 96
  • 7
  • The following project can also help generating a key: https://github.com/garethrbrown/.net-licence-key-generator/tree/master/AppSoftware.LicenceEngine.KeyVerification I already saw it, and need to see if it can also help, but for now, I already have a good solution – Saragani Feb 25 '17 at 20:19