The security certificates you define control who can use your program, and for how long. They are the heart of SoftwarePassport/Armadillo's license manager. Every security certificate has an encryption template (referred to as the encryption key in the SoftwarePassport GUI). SoftwarePassport/Armadillo uses the encryption template to create the encryption for the certificate, and it is the primary reason it's so hard for someone to create a bogus "key generator" crack for a SoftwarePassport/Armadillo-protected program. Unless a cracker can get your encryption template (which he would have to get from you, since it isn't stored anywhere except in valid keys), he can't know which of the over four billion possible key values you used. (Note: With Signed Keys, even if a cracker DOES get a valid key from you, he still wouldn't be able to create a key generator; he would need your actual encryption template for that.)
A special security certificate, called the default certificate, works a little differently. Used mostly for evaluation versions of programs, this certificate uses a fixed encryption template ("DEFAULT"), which allows SoftwarePassport/Armadillo to access it even when the user doesn't have a key for your program. Note that the default certificate is optional; if you don't want to allow people to use your program without a key, you don't have to make one. If SoftwarePassport/Armadillo doesn't have a key, and doesn't find a default certificate, it tells the user he can't access the program until he gets a key from you.
A SoftwarePassport/Armadillo key is to a security certificate what a physical key is to a lock: it lets a user into the program. There are literally billions of keys that will unlock a given security certificate, but they're hidden among the many octillions of possible keys. Pure math makes SoftwarePassport/Armadillo's keys secure: to crack the encryption template on a single certificate by brute force, a cracker would have to try every possible key combination. If the cracker's smart about it, it would take 2,000 years on a 100 MHz Pentium-class system; if not, it could take exponentially longer. Since there is no mathematical way to attack this encryption system (like the quadratic sieve or general number field sieve for RSA encryption), it would have to be done with a brute force attack, probably with a much faster system. A 200 gigahertz system would still need about a year to go through them all; at the time of this writing, Intel and AMD are just about to come out with the first 2.5 gigahertz chips. We can increase the difficulty by an arbitrary amount (with no other changes) as computers get faster.
When a user enters a key, it is stored on that system, in an encrypted form, in such a way that it's very difficult to tamper with it without SoftwarePassport/Armadillo knowing. After that, the key is on the system permanently, unless the user enters another valid one. Even if your program is uninstalled and reinstalled at a later date, SoftwarePassport/Armadillo will remember it.
Every key stores the date it was made (you can use SoftwarePassport/Armadillo's key-checker to see the information coded into a key). This helps SoftwarePassport/Armadillo determine whether a key is valid and whether the user's system clock has been set back.
That's all there is to keys and security certificates. If something still isn't clear about them, please contact us for more information.
See also the following topics in the Armadillo Help:
- Checking Keys
- Creating Keys
- Creating Mass Amounts of Keys, or Creating Keys from a Custom Program
- Encryption Template
- Installing Keys
- Keys
- Modification Keys
- Stolen Keys