Table of Contents
Advertisement
Chapter 7 – Implementing Secure Licensing
You can use encryption to protect your application in many ways.
Encrypt the Query/Response Table
You should encrypt the query/response table, making it extremely difficult
to find and use the table by looking at the code. If you only decrypt chal-
lenges as you use them, then the attacker never sees the table in a fully
decrypted form.
Encrypt Critical Data Used by the Application
All applications at some point require data to operate. Encrypt important
data files or constants used by your program so it will only operate properly
with the Sentinel Key attached.
Verify Data Integrity Using ECC Signing and Verification
ECC is a public key algorithm (uses public and private key pairs) based on
discrete logarithms that are much more difficult to challenge at equivalent
key lengths. You can use the ECC algorithm to implement security checks in
the application as follows:
1. Generate a random message.
2. Call the SFNTSign API function to sign this message using the private
3. Call the SFNTVerify API function to verifies the signature using the
154
key is stored secretly in the Sentinel Key.
known public key of the token. If the function returns success, the
correct Sentinel Key is assumed to be present.
Sentinel Hardware Keys Developer's Guide
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the Sentinel and is the answer not in the manual?