Figure 13: Key Derivation
The FIRM CODE, PRODUCT CODE and FEATURE CODE are the visible elements. You program these into the
CmStick or the license file. The user is able to see these elements in CodeMeter WebAdmin. These elements
define the license entry.
The FIRM KEY is the secret element on the developer's side. Normally, the FIRM KEY is defined by WIBU-SYSTEMS. However, in CodeMeter the developer is able to freely define the FIRM KEY and write it to the FSB. The
FIRM KEY is transferred when a CmStick or license file is programmed.
The SECRET KEY is an additional secret element of CodeMeter / CodeMeterAct which is created and used
differently in each of the two copy protection systems.
SECRET KEY, FIRM KEY, FIRM CODE, PRODUCT CODE and FEATURE CODE are fixed for a license entry. In contrast, the
encryption code is modifiable at runtime. By changing the encryption code you are able to work with alternating
keys.
The developer's task is to integrate the concept of alternating keys using appropriate methods, for example by
encrypting the same data with different keys before shipping, so that decryption at runtime depends on
selecting the correct key.
In the case of an automated integration with AxProtector and the integration with Wibu Universal Protection
Interface (see 7. Software Integration), the developer does not need to be concerned with this task. The
WIBU-SYSTEMS tools do this automatically. With tool updates, new methods are automatically
integrated when you re-encrypt your software. All this is accomplished without changing the source code or
recompiling your software.
6.4 Using CodeMeter and CodeMeterAct simultaneously
CodeMeter and CodeMeterAct are based on different keys. Thus, data encrypted for CodeMeter cannot be
decrypted with CodeMeterAct. However, in order to allow secure and flexible license management, WIBU-SYSTEMS tools work with two-tiered encryption.
Encryption:
A contingent key is generated.
Data is encrypted with this contingent key.
The key is encrypted with CodeMeter and/or CodeMeterAct (possibly with different encryption codes).
These keys are encrypted and attached to the data as a key pool.
Decryption:
The matching CodeMeter and/or CodeMeterAct license is queried.
From the key pool a key is selected that matches this license.
With the selected key the initial key is decrypted.
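The two-tiered scheme above, as an added example that is not WIBU-SYSTEMS code. It assumes an HMAC-SHA256 keystream with an integrity tag as a stand-in for the real cipher, and constructed 32-byte keys in place of the keys a CodeMeter or CodeMeterAct license would supply; all function names are hypothetical. It carries decryption through to the data itself.

```python
import hashlib
import hmac
import secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt then MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Return the plaintext, or None if the key does not match the blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def protect(data, license_keys):
    """Tier 1: encrypt data with a fresh key. Tier 2: wrap that key per license."""
    data_key = secrets.token_bytes(32)  # the page's "contingent key"; random here (assumption)
    pool = {name: seal(key, data_key) for name, key in license_keys.items()}
    return pool, seal(data_key, data)

def unprotect(pool, sealed_data, license_name, license_key):
    """Select the pool entry for the available license, unwrap, then decrypt."""
    wrapped = pool.get(license_name)
    data_key = unseal(license_key, wrapped) if wrapped else None
    return unseal(data_key, sealed_data) if data_key else None

# Constructed sample keys standing in for what each license system would supply.
CM_KEY = hashlib.sha256(b"constructed CodeMeter license key").digest()
ACT_KEY = hashlib.sha256(b"constructed CodeMeterAct license key").digest()

if __name__ == "__main__":
    pool, sealed = protect(b"protected data", {"CodeMeter": CM_KEY, "CodeMeterAct": ACT_KEY})
    print(unprotect(pool, sealed, "CodeMeterAct", ACT_KEY))  # matching license
    print(unprotect(pool, sealed, "CodeMeter", ACT_KEY))     # key does not match entry
```

Because the data is encrypted only once, adding a further license type costs one more wrapped key in the pool rather than a second copy of the data.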