Your Public-Private Key Pair

Key on circuit boardWhy it’s important to save and protect your public-private key pair.

First of all – what is your public-private key pair?  At the highest level, this is the data that makes licenses you generate unique to you.  Your key pair is 2 sets of randomly generated numbers used to sign and authenticate licenses. One set is called the public key and the other set is the private key. The private key is used when signing licenses, that is, when generating the sig= attribute of the license. The public key is used by the RLM client and server to authenticate licenses – i.e. to make sure that all the things in the license are the same as they were when the license was signed. Your public-private key pair are generated together because they’re two halves of a whole – the public key used to authenticate the license has to be the other half to the private key used to sign the license.

In a nutshell, there are really only 3 things you need to know:

  1. Don’t lose your key pair.  If you do, you won’t be able to make licenses compatible with your software in the field.
  2. DO NOT let your private key outside your company.  Think of it as your crown jewels.
  3. When upgrading to a new version of RLM, be sure to copy your key pair from the old version.

Now, the nitty-gritty:

The key pair is in src/rlm_pubkey.c and src/rlm_privkey.c. When you build the RLM SDK, the build process checks to see if those files exist. If not it creates them, using randomness, so that your key pair won’t be the same as someone else’s. The public key gets built into things that need to authenticate licenses (your application, the ISV server, the settings file). The private key gets built into things that need to sign licenses (rlmsign[.exe], your ActPro gen file, perhaps a custom signing utility). You don’t need to think about any of this – it happens automatically. Well actually you do need to think about it a little bit.

What happens when you have built your first RLM SDK, everything is working right, and you go to build RLM on a second platform? For instance you have RLM working on Windows and you set out to build a Linux version. If you don’t copy rlm_pubkey.c and rlm_privkey.c to the src directory on the second platform, the build process will generate a new key pair, and build that key pair into everything. This will mean that things from the 2 platforms won’t work together. Licenses signed on the first platform won’t authenticate on the second platform – you’ll get an RLM_EL_BADKEY (-5) error when trying to use the license.

One more thought on key pairs – anyone who has your key pair can sign licenses that your application and your ISV server will accept. Therefore it’s important to keep them safe inside your castle. Remember, the public key is built into components that authenticate licenses so it has to be shipped outside into the larger world. But your private key is private and neither it nor anything it’s built into should ever leave your company.

Leave a Reply

Your email address will not be published. Required fields are marked *