Title: There currently are five different types of Lock Cores'
1There currently are five different types of Lock
Cores.
- Pass key in to decrypt
- Use built-in key to decrypt
- Pass key in to do initial decrypt then use
built-in key to do reencrypt - Pass key in to do initial decrypt then use
built-in key combined with local info to do
reencrypt - Pass key in to do initial decrypt then use passed
in key combined with local info to do reencrypt
2All lock cores provide the same basic service.
That is to encrypt and decrypt your assemblies.
However we have made and continue to make
different types of lock cores to offer the
flexibility developers need in the real world to
provide a perfect fit with the requirements of
your projects.
Features beyond encryption include various ways
to get the decrypt key to the lock core,
conditioning decryption on rules such as the name
or version of the application requesting
decryption, and re-encryption of assemblies using
information unique to a PC such as network card
MAC address.
Some of these combinations of lock core abilities
allow you to implement licensing schemes that
incorporate the assembly encryption mechanism.
3- This type of lock core requires that you encrypt
your assembly before shipping with an encrypt key
and then provide your own secure way to pass that
key into the AssemblyLockbox loader at runtime to
decrypt the assemblies. - How you get the key to the application at runtime
is entirely up to you as the developer. You can
encrypt the key and pass it over the Internet and
then decrypt it again on the PC or you might
encode the key into a hardware device like a
smart card that passes the key to your
application with just a swipe. - You shouldnt hard code the key directly into
your unprotected .Net code that calls the
AssemblyLockbox loader, because that just makes
it easier for a would be hacker to get at your
code.
4- Use built-in key to decrypt
- This type of lock core incorporates a key inside
the lock core dll itself. This key is scrambled
in such a way as to make it much more difficult
for someone to reverse engineer out of the
compiled C code in the lock core. - Because the key is included in the lock core dll
a key does not need to be passed into the lock
core at run time. However it is recommended that
you pass a key in anyway to help trick any would
be hacker into thinking you are using a different
kind of lock core than you really are. - The down side to this type of lock core is that a
good hacker could figure out how to call the lock
core dll directly from their own application and
trick the lock core into decrypting the assembly
and pass back the image. So this is best used in
situations where this type of activity is of
minimum concern.
5- Pass key in to do initial decrypt then use
built-in key to do reencrypt
- This type of lock core is a combination of the
first two types. It has the pros and cons of both
types as well. You encrypt your assemblies with
one key and then ship your software. At runtime
you pass this key in to do a decrypt only one
time. Then before the assembly is given to .Net
it is reencrypted with the built-in key and
resaved so that only the built-in key will
decrypt the lox file. - The main purpose of this variant is to give the
same level of protection as the normal built-in
key lock core, but with the added ability to
require the user to enter a license key or some
other token one time to get the software to work.
6- Pass key in to do initial decrypt then use
built-in key combined with local info to do
reencrypt
- This variant works very much like the previous
lock core type except that when the reencrypt is
performed local information from the PC it is
installed on will be included as part of the
reencryption key. This effectively locks the
software to that PC if the local info you choose
is unique to that computersuch as a MAC address. - The main purpose of this variant is to give the
same level of protection as the normal built-in
key lock core, but with the added ability to
require the user to enter a license key or some
other token one time to get the software to work.
And to lock the software to that PC once the
reencryption has occurred.
7- Pass key in to do initial decrypt then use passed
in key combined with local info to do reencrypt
- This lock core provides the most protection of
the 5 types currently available. Like the
previous lock core type this lock core reencrypts
the assembly by combining local information with
the key. Unlike the previous lock core type
however this type reencrypts with the key that is
passed in the first time. - In addition this type of lock core also provides
the same ability to lock the software to a
particular PC depending on the local information
that is combined with the passed in key such as
a MAC address.
8Why different types?
The idea behind different types of lock cores is
very much like the reason different types of lock
cores are made for hardware locks. The more
combinations of lock mechanisms there are the
less likely a crook will know how to bust into
your lock. Ideally each lock core made by each
AssemblyLockbox developer would be very different
from all others. Decrypt Verifiers (see Decrypt
Verifiers in help) provide a way to make this
possible. In addition as time goes on and as we
get feedback from the developer community on ways
to make more types of base lock cores and decrypt
verifiers the number of possible hurdles a hacker
will have to jump through to get at your code
will only increase. Ultimately any system of
protection can be hacked. The name of the game is
trying to stay ahead of the attackers. By using
different mechanisms for protecting different
pieces of code it prevents a hacker from getting
a universal key that gives easy access to all of
your software.