Serial number encryption algorithms
The security of a key in the licensing system is based on asymmetric cryptography. The current version implements the RSA algorithm with key lengths from 1024 to 16384 bits. Future versions are planned to implement other algorithms based on ECC, as well as combined symmetric and asymmetric cryptography.
The algorithm used is unique for each product. Keys made with one algorithm cannot be used with another one, which means that changing algorithms after at least one license has been created is not allowed. The protection module in the protected program “knows” which algorithm the serial number is encrypted with and will not accept keys made with other algorithms, or with the same algorithm but different parameters (say, a different key length).
A serial number is encrypted with the RSA algorithm as follows:
- Adding random data to the beginning of the serial number – the method is based on RFC 2313, but the implementation is slightly different. The following bytes are added to the beginning of the key: 00 02 NN..NN 00, where NN..NN are from 8 to 16 random non-zero bytes. The number of bytes is random, but the system takes into account the length of the key and its maximum capacity.
- Adding random data to the end of the serial number – the total number of bytes in a serial number must be equal to the number of bits in keys of the algorithm divided by 8. The serial number is appended with the corresponding number of bytes holding random data. As a result, the following serial number format is produced: 00 02 NN..NN 00 DD..DD MM..MM, where NN is a set of random non-zero bytes, DD is the original serial number, and MM is a set of random bytes (including zeros). The total length of the sequence must be equal to the number of bits in keys of the algorithm divided by 8.
- Encryption – performed with the typical procedure that many big-number libraries implement. The PHP generator contains all the required information.
- Packing – the set of bytes obtained after encryption is encoded in Base64. The result is the serial number that goes to a customer.
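
The four steps above as a runnable sketch. This is an added example, not the PHP generator's code: the function names are hypothetical, the key is a constructed toy key built from two Mersenne primes (trivially factorable, for demonstration only), and using the private exponent to generate and the public exponent to check is an assumption the page does not state. Because the page does not say how the end of DD is located, `unpad` returns DD..DD MM..MM together.

```python
import base64
import secrets

# Constructed toy key from two Mersenne primes: trivially factorable, demo only.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                                  # 1128-bit modulus -> 141-byte block
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # needs Python 3.8+
K = N.bit_length() // 8                    # block length = key bits / 8


def nonzero_bytes(count):
    """Random bytes with no 0x00, so the first 00 after the header ends NN..NN."""
    return bytes(secrets.randbelow(255) + 1 for _ in range(count))


def pad(serial, k=K):
    """Build 00 02 NN..NN 00 DD..DD MM..MM, exactly k bytes long."""
    room = k - 3 - len(serial)             # bytes left for NN and MM
    if room < 8:
        raise ValueError("serial too long for this key length")
    nn = nonzero_bytes(8 + secrets.randbelow(min(16, room) - 7))  # 8..16 bytes
    mm = secrets.token_bytes(room - len(nn))                      # zeros allowed
    return b"\x00\x02" + nn + b"\x00" + serial + mm


def unpad(block, k=K):
    """Check the layout and return DD..DD MM..MM (everything after the 00)."""
    if len(block) != k or block[:2] != b"\x00\x02":
        raise ValueError("bad header")
    sep = block.index(b"\x00", 2)          # ValueError if there is no separator
    if not 8 <= sep - 2 <= 16:
        raise ValueError("bad random prefix length")
    return block[sep + 1:]


def make_key(serial):
    # Assumption: the generator side uses the private exponent D.
    c = pow(int.from_bytes(pad(serial), "big"), D, N)
    return base64.b64encode(c.to_bytes(K, "big")).decode()


def open_key(text):
    # Assumption: the protected program uses the public exponent E.
    c = int.from_bytes(base64.b64decode(text, validate=True), "big")
    if c >= N:
        raise ValueError("value out of range")
    return unpad(pow(c, E, N).to_bytes(K, "big"))
```

Because NN and MM are random, two keys generated for the same serial number differ, yet both decode to the same DD prefix.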