There currently are five different types of Lock Cores'

1
There currently are five different types of Lock
Cores.

• Pass key in to decrypt
• Use built-in key to decrypt
• Pass key in to do initial decrypt then use
  built-in key to do reencrypt
• Pass key in to do initial decrypt then use
  built-in key combined with local info to do
  reencrypt
• Pass key in to do initial decrypt then use passed
  in key combined with local info to do reencrypt

2
All lock cores provide the same basic service.
That is to encrypt and decrypt your assemblies.
However we have made and continue to make
different types of lock cores to offer the
flexibility developers need in the real world to
provide a perfect fit with the requirements of
your projects.
Features beyond encryption include various ways
to get the decrypt key to the lock core,
conditioning decryption on rules such as the name
or version of the application requesting
decryption, and re-encryption of assemblies using
information unique to a PC such as network card
MAC address.
Some of these combinations of lock core abilities
allow you to implement licensing schemes that
incorporate the assembly encryption mechanism.
3

• Pass key in to decrypt

• This type of lock core requires that you encrypt
  your assembly before shipping with an encrypt key
  and then provide your own secure way to pass that
  key into the AssemblyLockbox loader at runtime to
  decrypt the assemblies.
• How you get the key to the application at runtime
  is entirely up to you as the developer. You can
  encrypt the key and pass it over the Internet and
  then decrypt it again on the PC or you might
  encode the key into a hardware device like a
  smart card that passes the key to your
  application with just a swipe.
• You shouldnt hard code the key directly into
  your unprotected .Net code that calls the
  AssemblyLockbox loader, because that just makes
  it easier for a would be hacker to get at your
  code.

4

• Use built-in key to decrypt

• This type of lock core incorporates a key inside
  the lock core dll itself. This key is scrambled
  in such a way as to make it much more difficult
  for someone to reverse engineer out of the
  compiled C code in the lock core.
• Because the key is included in the lock core dll
  a key does not need to be passed into the lock
  core at run time. However it is recommended that
  you pass a key in anyway to help trick any would
  be hacker into thinking you are using a different
  kind of lock core than you really are.
• The down side to this type of lock core is that a
  good hacker could figure out how to call the lock
  core dll directly from their own application and
  trick the lock core into decrypting the assembly
  and pass back the image. So this is best used in
  situations where this type of activity is of
  minimum concern.

5

• Pass key in to do initial decrypt then use
  built-in key to do reencrypt

• This type of lock core is a combination of the
  first two types. It has the pros and cons of both
  types as well. You encrypt your assemblies with
  one key and then ship your software. At runtime
  you pass this key in to do a decrypt only one
  time. Then before the assembly is given to .Net
  it is reencrypted with the built-in key and
  resaved so that only the built-in key will
  decrypt the lox file.
• The main purpose of this variant is to give the
  same level of protection as the normal built-in
  key lock core, but with the added ability to
  require the user to enter a license key or some
  other token one time to get the software to work.

6

• Pass key in to do initial decrypt then use
  built-in key combined with local info to do
  reencrypt

• This variant works very much like the previous
  lock core type except that when the reencrypt is
  performed local information from the PC it is
  installed on will be included as part of the
  reencryption key. This effectively locks the
  software to that PC if the local info you choose
  is unique to that computersuch as a MAC address.
• The main purpose of this variant is to give the
  same level of protection as the normal built-in
  key lock core, but with the added ability to
  require the user to enter a license key or some
  other token one time to get the software to work.
  And to lock the software to that PC once the
  reencryption has occurred.

7

• Pass key in to do initial decrypt then use passed
  in key combined with local info to do reencrypt

• This lock core provides the most protection of
  the 5 types currently available. Like the
  previous lock core type this lock core reencrypts
  the assembly by combining local information with
  the key. Unlike the previous lock core type
  however this type reencrypts with the key that is
  passed in the first time.
• In addition this type of lock core also provides
  the same ability to lock the software to a
  particular PC depending on the local information
  that is combined with the passed in key such as
  a MAC address.

8
Why different types?
The idea behind different types of lock cores is
very much like the reason different types of lock
cores are made for hardware locks. The more
combinations of lock mechanisms there are the
less likely a crook will know how to bust into
your lock. Ideally each lock core made by each
AssemblyLockbox developer would be very different
from all others. Decrypt Verifiers (see Decrypt
Verifiers in help) provide a way to make this
possible. In addition as time goes on and as we
get feedback from the developer community on ways
to make more types of base lock cores and decrypt
verifiers the number of possible hurdles a hacker
will have to jump through to get at your code
will only increase. Ultimately any system of
protection can be hacked. The name of the game is
trying to stay ahead of the attackers. By using
different mechanisms for protecting different
pieces of code it prevents a hacker from getting
a universal key that gives easy access to all of
your software.