Infralution Support

[Rene]

I have spent some time trying to figure out how the code works (mostly for educative purposes) and I am just not getting this so I was hopping someone could help me out.

It was my understanding that someone can use RSA to sign information by using the private key to perform the signing and then using the public key to verify that the information is really coming from the person that is the owner of the private key.

I believe that this is what the Infatuation licensing program is doing but there are some things that I don’t understand, for example, I can’t understand why the “GenerateKey” funciton never uses the RSA to sign the key that is being generated.

Isn’t this the whole idea? Shouldn’t and instance of the RSA class be instantiated with its *private key* (inside the GenerateKey function) and then use the class to sign the key that is being generated so my program can then instantiate the RSA class using its *public key* and then verify that the key that was generated by “GenerateKey” function is really coming from me?

I am really confused about all this, I think something is going on with the “DesignSignature” and the “RuntimeSignature” but I also can’t figure out how those two play a part on the validation thing.

Could someone *please* give me an overview of how this validation system is supposed to work? I realize that I don’t have to know the internal implementation to be able to use the system but I would really like to.

Thanks.

[Infralution]

We don't sign the individual license keys with RSA - because that would result in really long license keys (hundreds of characters). Instead we use RSA to validate that the license key was generated using the required product password. This allows us to include the RSA signature in your code at compile time and keep license keys to a managable length.
_________________
Infralution Support