KEYnote 44 English - Fall/Winter 2022 | Page 10

PROTECTION

Cloud FSB

Automatic build systems and continuous integration have become the standard for modern software development processes. Typically, the environments in which these processes happen are virtual to enable the developers to scale the resources involved up or down to meet their needs. Moving all of these build environments into the cloud, e.g., in Azure DevOps, seems the logical next step.
But one key component in the development process is protecting the software by encrypting the executable files of the application. This means that it has to happen after the software has been compiled, but before the actual installation package is put together.
One of the USPs of CodeMeter is its strong link between this encryption and the software license. A secret key, called the Product Item Secret Key (PISK), is stored in the license itself and is needed to decrypt your software. This means that the same PISK also has to be known during encryption. CodeMeter does so by calculating the PISK from your Firm Code, your chosen Product Code, and your secret master keys. These secret keys are hidden in your Firm Security Box or FSB, which is a CmDongle that Wibu-Systems has prepared for you with your very own Firm Code.
When you enter a Product Code, such as 201000, for the encryption process, the PISK is calculated from the combination of that code and your Firm Code, and the software can be encrypted. The same PISK is calculated and stored in licenses when you create a license with the same Product Code. The end result is simple:
■ License is present and correct: The software can be decrypted.
■ License is missing: The software cannot be decrypted.
This shows why the FSB is essential for encrypting your software. But how can you plug a CmDongle into a virtual machine or Docker container in the cloud? Wibu-Systems introduced a solution to this conundrum in mid-2022 in the form of the Cloud FSB. It is hosted by Wibu-Systems and acts like a virtual dongle. The build system connects to it on port 80 or 443.
As with a regular CmDongle, nobody can retrieve the master key in a CmCloudContainer. A system that has the right to access the FSB can use the key, but cannot steal it.
For your build system to connect with the Cloud FSB, you need a credential file, which includes a strong password and takes over the job of establishing a secure and encrypted connection.
In CodeMeter Runtime, a Cloud FSB would then appear as a regular local CmDongle. You can access the Cloud FSB through the CodeMeter Developer Portal and connect it directly to your local device or download the credential file. The latter option makes sense for your build system, although the file should definitely be kept safe and secure. You can find more about how to do this in the Azure DevOps topic “Use secure files”.
FSBs come in two types. The first is a standard FSB, which can create licenses and encrypt software with a licensed version of AxProtector. The second is an Encryption-Only FSB. As its name implies, it can encrypt software, but it cannot create licenses. It is recommended for automatic build systems, since the damage in the case of loss or theft would be less dramatic than with a full FSB. If it is lost and somebody else starts to use the credential file illegally, it can simply be voided through the CodeMeter Developer Portal. The credential file would be recreated and be ready for roll-out across your systems with little disruption.
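The link between PISK, Product Code and license, and the split between a standard and an Encryption-Only FSB, can be modelled in a few lines. This is an added illustration, not Wibu-Systems code: the HMAC-based derivation, the toy cipher, the class `FirmSecurityBox`, the Firm Code 1234567 and the master key are all assumptions made for the example; only Product Code 201000 comes from the article.

```python
import hashlib, hmac, os, struct

def _h(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_pisk(master: bytes, firm_code: int, product_code: int) -> bytes:
    # Assumed stand-in KDF; the article does not describe CodeMeter's real derivation.
    return _h(master, struct.pack(">II", firm_code, product_code))

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(_h(key, nonce + struct.pack(">I", i)) for i in range((n + 31) // 32))[:n]

def seal(pisk: bytes, data: bytes) -> bytes:
    # Toy encrypt-then-MAC built from HMAC-SHA256, standing in for the protection step.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_h(pisk, b"enc"), nonce, len(data))))
    return nonce + ct + _h(_h(pisk, b"mac"), nonce + ct)

def unseal(pisk: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _h(_h(pisk, b"mac"), nonce + ct)):
        return None  # PISK from a wrong or missing license: nothing is decrypted
    return bytes(a ^ b for a, b in zip(ct, _stream(_h(pisk, b"enc"), nonce, len(ct))))

class FirmSecurityBox:
    """Hypothetical model: callers get operations that use the master key, not the key."""
    def __init__(self, firm_code: int, master: bytes, encryption_only: bool = False):
        self.firm_code, self._master, self.encryption_only = firm_code, master, encryption_only

    def encrypt(self, product_code: int, data: bytes) -> bytes:
        return seal(derive_pisk(self._master, self.firm_code, product_code), data)

    def create_license(self, product_code: int) -> dict:
        if self.encryption_only:
            raise PermissionError("Encryption-Only FSB cannot create licenses")
        pisk = derive_pisk(self._master, self.firm_code, product_code)
        return {"product_code": product_code, "pisk": pisk}

MASTER = os.urandom(32)   # constructed master key
FIRM_CODE = 1234567       # constructed Firm Code
full_fsb = FirmSecurityBox(FIRM_CODE, MASTER)                         # vendor side
build_fsb = FirmSecurityBox(FIRM_CODE, MASTER, encryption_only=True)  # build system
protected = build_fsb.encrypt(201000, b"application code")

if __name__ == "__main__":
    print(unseal(full_fsb.create_license(201000)["pisk"], protected))  # matching license
    print(unseal(full_fsb.create_license(201001)["pisk"], protected))  # other Product Code
```

A credential for `build_fsb` that leaks lets its holder encrypt, but the `PermissionError` path shows why it cannot be used to mint licenses.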