The dotNet Protector activation system is built around a public/private key infrastructure.
Operations carried out on your customer's side (program execution, licence request) use your public key, which is embedded in your assembly.
Operations carried out on your premises (product key and licence generation) require your private key, which is contained in the dotNet Protector key set.
IMPORTANT: Your key set must remain private. Never include it in a program you distribute to your customers. On the customer side, always use the static methods of ActivationManager, which do not require the key set; dotNet Protector is responsible for recording the public key in the assembly, and the runtime is responsible for finding it.
If you lose your key set, nobody (not even PV Logiciels) will be able to distribute licences to your customers. You will have to protect all your applications again with a new key set, recompile your licence and product key generation tools, redeploy your applications and regenerate the licences.
When you enable hardware lock, every method body is encrypted, but the decryption key isn’t stored in the protected assembly. The dotNet Protector runtime needs a license key to decrypt method bodies.
Hardware locking and unlocking is a three-step process:
1. You protect your assembly with hardware lock enabled. Method bodies are encrypted, and only your public key is stored in the protected assembly, with no decryption key.
2. Your activation assistant, protected with dotNet Protector, builds a ‘hardware configuration’ from the hardware on which it runs. This ‘hardware configuration’ is encrypted with your public key (stored by dotNet Protector in your assistant).
3. Your license generator (activation server) decrypts the ‘hardware configuration’ and builds a license key. The license generator runs on your side and embeds your private key, which allows it to decrypt the ‘hardware configuration’ and encrypt the license key.
When your assembly runs, the dotNet Protector runtime looks for the license key, decrypts it with your public key and tries to decrypt the method bodies.
dotNet Protector stores symmetric keys and public/private key pairs (there is more than one) in a key set. The key set is built the first time you run dotNet Protector, using a cryptographic random generator (there is minimal likelihood that the same key set is produced twice).
Since PKI is central to the activation process, your assembly and your activation assistant must be protected with the same key set. Your license generator will use the private part of this key set to build licenses.
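The three-step exchange and the same-key-set requirement above, as an added example that is not dotNet Protector code and does not use its API. It assumes .NET 5 or later, uses .NET's own RSA class as a stand-in for the key set, models "license encrypted with the private key" as an RSA signature, and every name and hardware string in it is constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Assumption: .NET's RSA class stands in for the key set; no name here is dotNet Protector API.
using RSA vendorKeySet = RSA.Create(2048);   // private part never leaves your premises
using RSA otherKeySet = RSA.Create(2048);    // an unrelated key set, for the mismatch case
byte[] embeddedPublicKey = vendorKeySet.ExportRSAPublicKey();  // the only key that ships

// Step 2, customer side: encrypt the hardware configuration with the public key.
byte[] BuildRequest(byte[] publicKey, string hardwareConfig)
{
    using RSA pub = RSA.Create();
    pub.ImportRSAPublicKey(publicKey, out _);
    return pub.Encrypt(Encoding.UTF8.GetBytes(hardwareConfig), RSAEncryptionPadding.OaepSHA256);
}

// Step 3, vendor side: decrypt the request and bind the license to it with the private key.
Licence IssueLicence(RSA keySet, byte[] request)
{
    byte[] hw = keySet.Decrypt(request, RSAEncryptionPadding.OaepSHA256);
    byte[] sig = keySet.SignData(hw, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    return new Licence(Encoding.UTF8.GetString(hw), sig);
}

// Runtime, customer side: accept the license only if it matches this machine
// and was produced by the private half of the embedded public key.
bool LicenceIsValid(byte[] publicKey, string localHardware, Licence lic)
{
    using RSA pub = RSA.Create();
    pub.ImportRSAPublicKey(publicKey, out _);
    return lic.Hardware == localHardware && pub.VerifyData(
        Encoding.UTF8.GetBytes(lic.Hardware), lic.Signature,
        HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
}

const string machineA = "cpu=constructed-0001;disk=constructed-0002";  // constructed sample
const string machineB = "cpu=constructed-0003;disk=constructed-0004";  // constructed sample
byte[] encryptedRequest = BuildRequest(embeddedPublicKey, machineA);
Licence licence = IssueLicence(vendorKeySet, encryptedRequest);
Console.WriteLine($"licensed machine: {LicenceIsValid(embeddedPublicKey, machineA, licence)}");
Console.WriteLine($"other machine:    {LicenceIsValid(embeddedPublicKey, machineB, licence)}");

// Generator built from a different key set: the request cannot even be decrypted.
try { IssueLicence(otherKeySet, encryptedRequest); }
catch (CryptographicException) { Console.WriteLine("other key set: request rejected"); }

record Licence(string Hardware, byte[] Signature);
```

Only `embeddedPublicKey` appears in the customer-side functions; the private half is touched solely by `IssueLicence`, which is the separation the IMPORTANT note above asks you to preserve.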
See also
Activation system, samples and guide