5

I have this idea of implementing a license key:

  1. After the user downloads the program, he connects to a website and sends his Windows product ID.
  2. The website, then, sends this back to him with a signature using a private RSA key.
  3. The program, then, checks, using a public key, whether it is really signed by the private key, and stores this message it got.

Now, every time the program starts, it retrieves this message, and checks it in the way mentioned in 3., comparing that with the windows product ID retrieved from the operating system.

This is done using 1024 bit numbers. I can't encode anything with the private key using what the computer language (C#) offers. (I don't want to implement my own algorithm – I don't know enough about encryption.)

Is the Windows product key long enough for this? It's something like 12345-abc-1234567-12345. (Get it by right-clicking on “my-computer”, and clicking “properties”.)

I apologize for my non-cryptographer way of asking. Here are the questions:

a) Is encrypting a small number by a large key safe?

b) Is signing a message (as opposed to encrypting it) safe?

Ilmari Karonen
  • 46,120
  • 5
  • 105
  • 181
ispiro
  • 2,005
  • 2
  • 18
  • 29
  • 2
    What if someone spoofs the Windows product ID? – this.josh Nov 21 '11 at 21:44
  • What is your goal? I assume that you want the program only runnable on computers which know this windows product ID. – Paŭlo Ebermann Nov 21 '11 at 21:55
  • 1
    @this.josh If someone is computer-savvy enough to do that – he’ll probably be able to de-compile the program anyway, and remove the security check. My main goal at the moment is to thwart someone from creating a program that will create license keys when given a product ID. – ispiro Nov 21 '11 at 22:06
  • @PaŭloEbermann Thanks for bearing with me. I edited the question for (a little) clarity. Knowing the ID is not important, because the program will retrieve the real ID of the operating system. See also my previous comment (to this.josh ) – ispiro Nov 21 '11 at 22:14
  • @ispiro: I changed the title to make it both a bit more descriptive and at the same time a bit more general than your current use case (with the Windows product key). – Paŭlo Ebermann Nov 21 '11 at 22:33
  • 1
    Windows product IDs are NOT unique. Mass user OEM licenses have the same key for every machine. I'd suggest fetching the motherboard and C drive serial numbers instead (you can do this with WMI). – Polynomial Nov 23 '11 at 14:45
  • I may be wrong, but what about people doing a fresh reinstallation of Windows on the same hardware, using the same product (installation) key? Doesn't that risk creating a new product ID? If I was happy with some version of your software, and at some point in the future (when you might not even be offering that software any longer, or have gone out of business) reinstall unrelated software (the OS) and want to keep using my purchased copy of your software because it can't phone home, I would be thoroughly annoyed. – user Nov 23 '11 at 14:48
  • @Polynomial Thanks for that important information! – ispiro Nov 23 '11 at 20:38
  • @MichaelKjörling - The motherboard and hard disk serial numbers are unique to each item, not unique to the product or brand. Using WMI you can query Win32_BIOS for SerialNumber on the first instance (there should only be one), which will give you the serial number of the BIOS device. You can do the same with Win32_Baseboard.SerialNumber, which gives you the serial number of the motherboard. You can grab WMI Explorer from here to take a look around: http://www.ks-soft.net/hostmon.eng/wmi/index.htm – Polynomial Nov 24 '11 at 06:53
  • @Polynomial, I was talking about the Windows product ID, not some hardware serial numbers. – user Nov 24 '11 at 12:08
  • @MichaelKjörling - I misunderstood the intent of your response. The product ID is designed to identify the use of a particular license on a particular machine. A fresh re-install on the same machine with the same key and exact same hardware will not produce the same ID, because it's considered a separate install of that license. On a mass license, however, the product ID will be the same regardless of the hardware it runs on. Using the product ID of the OS as a basis for any security mechanism is flawed at best. – Polynomial Nov 24 '11 at 12:39

2 Answers2

5

That is not a bad method of doing a license key; an attacker would certainly be unable to generate a signature that would validate with his computer's window product key.

On the other hand, this approach may be overkill. The easiest way to attack this system would be to modify the program to skip (or ignore) the signature validation; hackers have both the experience and the tooling to do this fairly easily. I don't believe that there are any easily implemented license key approaches that make that attack more difficult; however, there are certainly other approaches that would be easier to implement.

Since you asked for cryptographical advice, here is some:

  • If you do use this approach, you might as well make sure you get the details correct; you use a known-good padding scheme (say one of the ones listed in PKCS #1).

  • You ask whether the window product key is long enough. The answer is "Yes, it is". Actually, the length of what you sign is not important to the security of the signature method; it just needs to be long enough to be unique.

poncho
  • 147,019
  • 11
  • 229
  • 360
  • In order to make the modify the program to skip (or ignore) the signature validation attack less easy, one could try to make the program validate that it has not be modified, else refuse to run (at least, run normally). One should also fear insertion, between the real Operating System and the software, of an API patch that makes the software believe that it runs on a machine with a given Windows product ID, for which a license number is known to the attacker. Installation into a VM such as VirtualBox does such insertion as a side effect. – fgrieu Nov 22 '11 at 15:25
  • 2
    @fgrieu: If you add a routine to check if the program has been modified, a hacker can remove (or ignore the result of) that check as well. Yes, that adds another thing an attacker must need to do to be successful, however it isn't that much more effort. We in the cryptographical community are used to things like "if we do N times as much effort, the attacker has to do $2^N$ times as much" -- this isn't happening here. – poncho Nov 22 '11 at 16:03
  • 1
    There are a reasonably large group of would-be pirates who will use pirated keys (or keys they can generate on another machine) but that cannot break a security scheme themselves and will not run untrusted 'cracks' on machines they care about. This group of people would be stopped from pirating under the OP's scheme, assuming it's implemented correctly. – David Schwartz Nov 22 '11 at 21:54
4

RSA signatures are designed in a way that only the owner of the private key can generate valid signatures, no matter the message size/length. (There is no proof of this, but RSA would be considered broken if this was not the case.)

Your signature is actually a certificate saying The program is allowed to run on a computer with Windows-ID xxx, and if your program runs only on computers where a fitting certificate is available, this is safe, from the cryptographic point of view.

If the Windows Product ID is unique, then also no such certificate can be used on different computers.

Your scheme actually doesn't use RSA encryption, only signature, so your first question does not apply here. But RSA encryption should also be safe for small messages. (Actually, there is an upper size limit for RSA encryption, which is why you would usually encrypt a symmetric key with RSA and then encrypt the message using a symmetric algorithm.)

Community
  • 1
Paŭlo Ebermann
  • 22,656
  • 7
  • 79
  • 117