HISE RSA Not Working

Casmat

Hey!

I'm having trouble with rsa encryption/decryption in HISE, any ideas?

HiseSnippet 2308.3ocsWl0qiZjFF1tSeFMcOKZhzn45i5q5HhBfAiwJJZBa1FvX.C1FyMQrTrYn.ypgQy+44evL3yoS5NIsxRKM9BK91JdqOnndJsxbOPUUd4jouxru.LY5e9AidXcDWjSLbhH+jo+0GTbppAkO9rK19BmpJf+joS+r02cL8UubxS+9O+SVmTGnG38tlL4XdrGXabVb868p8sxwooqb7AlwYeP1jeqnWNjKOMuYTOe1CXSJb7t3DB14bOsW7vjo+AA+357RiZmZP0XNr498FQ4cvmy+XbUraJ3tA9DiwA5Y2S3hhS80994Z0jISeo16m4e1yy7+9CJw9w+f+22A9aOE3w2WwG1Cl9heIIg+6PRS+.I8xmkzm+fgWYbQ86ibWO+oGDgiOPBbFa0enTdN2Iu3e7pG3xGy.V+UYNW.qJGM9gJdKEF1W933eewW+5WWBBeD.8d7adbUbJvne74b1WM5nrun9TbczdCl29FSPU8a9xGeihnnPqtHKCOyN1vKWitDudYGFKitvJFFCNVYutvPiDlPAFl7w7z4BPmeUaOpa09kGbOO2.m6ZGx5yW2RFcpUaAw7EWAVag6aNYrrjNTi5p8wAgc2BKB1WUJkJnDvzwIXMTJdgp0tQe0B4nL84AhzqVzH2xObnkQEiMKQY.gGIAfck1ibkLKhmO5x9UZyDCaSNGRuJkWvyLion9vx4HlGWlnVaVdXkpz1PFuraqu0eCtslw.C162EH1Cop2qxViXABt0ppgSEvpSSwdli9RXhAwrlpcBq7j0AqAUWx1kGu0c8.WywxlRZyRuyySTB7WJQNmxwWQon2Mh+nlREwoATeb24xfE5bYLZ6xx5DD1AEmI.DuQwycPmRbG5Fy7MhrJ.EQiENb1zcTVgEc3asvsWrgITgkgQfKbrOangk2xNOXuM+V6.FpbaVaBcahgRIhbz.KYawYsHLLmlcse8lcFVyj1DvuCc9Qk1l1fcnynqfbCNratQKC3C.jKSP2eFIyvdWlb2bI7dWo1rvlLfE2lFXTuaBzAY.CMEFmDTPcpM0TRube2Y90qK5iCn2CytneJmdPF.LnZZ2yquNoOHPe95FPC.g2xWYNsIiFFMuJKxYcwJFn.0YFlzP8qKVIVE0ntesTuUsoztsVGXYwn0DiVz2ZGZH05cb6x5yFL0DF6ZWjH42KaulbisJxE7PPsG+Z77DZsNeksGMT1Tu.0cayRYAtCIFQPMEdfngw1EN6Rc8vrS3RaENSqZldKl+naLBCBitLanNOwUqEWrRC2GYxnTW6GWFbdf0N2Fk7zL5wuPhnj0Urxc0MepsnWvkn1XugdNzrZNNIybZ1CDAbKD2LrsccXbzoYb0gcAnV3aCB5cnb2lEuBco4b6akwX0bfMqQIm2NaHRz5Folx4KB4i5zSNgr2lmZyb.TOPzCKoZl3ADJd+KCRvKC10I25tqWtzyEqitQeZ+7i35.48jqvPMgADGQgq33mezW+VHR574z68ubNlNqGIDO.Hs7v.1d7yyUs3kwNRrB0dFdQqiLElsgNVHfrB0RT0Rwv6T40jEdmpkVGL3rk674K0c7LWqp0Ghvc2WUy4Jvz5UG.fZUkvst4KPKfNgl0NzP47jYKMU8EHpet+xYmk6SxeADiFS2yPdQYfwNZ11dv5CcpIcYc1H0DjWNVpA4KWtqnBm.0aVVQOVPxxvyo2HifWMkzXhvDsJZvNYFMaGwskY1hKAChZlC1qa8hMpZnkWdRsxRIwljWhGicavQs98RRFzFqpl4UDbUtzESlbV6hin3aH23TRKNtXd2xcHaz3nt2eYoBGHyBBJrMsTW2tOfbQbamB1wqGEskFNmhwrSKjJNb9lVSnV3YxCcMKYrfY6rz8Eru15CYukdPxEkyVk6XNaGe4plpBaFaG8UFbL5WOAoA96SHtxh4BBnJ3PAHcdt7hF8mXM7SWuWMQHuMXs7Vn+hVBmLxtiGOLeMgVkCU04bzc.9CrL4qYjG7i437bviIP0hmsDaHUbOOki5Yk.oy5HpJG5WKmJuLprpdMMCQWu0EBdpHIzZDihCy75YufVLfONBtdda8UcoQXN0frvbb1dwpU7n0gSoo0BD73rA41aYNi5wpTkiUuQqM+nbIIOmFwME93CTJzEcBWpZrJKKHVwsBD544BYkTBq759l2786D4C9I6DM53C2IZbiom2FhUL4isEj5XSjl4dbtP4wqEXfnHNIXAyVHDbb8L0C05WqzhxjiQDOVNfrDAPAS6mi4ldo0AUjG4Z1Qua7dmksvbk6s2yuoSgIZEMUujZ4L2Krf9b6KpV8ZrfEwkcz3a63qYryGTPCQyIpka2nxZDF.2Df5EYtLVbK4LQMVa8aaDlGJ6dTCDbAe7SIkGnvYMiMHY1HUsuxqxtegtPsDMzaSuRAR4AyP2fTBHs6PxR.r6flZ3IlVIQQr5kkk76Ys3trIBVJIk3HFO6VUWYpyhqnBTDqUOOrgHv.nBxfl7xdYj53lCa2gWgR3eBw.1fwTDxOXWTwxxa2uKZSrBHrKUPMlO3FFEaOi4lDNglYgYAJpojxd6LvWdBbqSjmQmg8oGaibFU4ofupnLFV+1wmWewWGz.8piygOlC2kWCTgu8Kd8+50u50+6W+3OMTPvGM1c3kx7zTP4GM7cnwxeoBeKrIyET9kO15j1.9gDGop9wnZ+geanZdOyR8AIlCEgw0pEf2YuJO0+NB18q+4fcSdGL13UGD4cpcty58Nei4U.JqiuKmo7f1QX4mI+d0C7ifE04Ei3x+LrvQfzb+lTm5eLk5cb72EXre7iPCui+Aqhq6+Pb8eGnqX+hnq+Vk3m+fVbsWzGWiu3inwwN0+Oz36.9+KOHDD.7peu.e4Cqr9To6+Ut86yapiggJN0kw2lL8gcMYFimywCLd2gPP53f+vzWb+skmswtaeuCX.f9OY7eG+8tf32sm9tf3eevIYNdk4em2yqBtejh+3SdF0D7oSP8pwixMZ+H9jmVY7g84rwS37cdd+3g5mU3rO0BI9TKj7Ssv4epER8oV3hO0Bo+0K79APYZpyyddYyjIJZBO8ojoSEfNiuA9zaqS9e.YcBzLB

These keys are for test purposes

Thanks!

parabuh

@Casmat I have some issues too, I don’t know even where to start, this hise autogenerated private key is strange and i don’t know how to generate it in own api

Lindon

@Casmat

What are those keys you are using? where did you get them from? -- try using the 512-bit keys HISE will generate for you:

Tools>Create RSA Key pair

..and it works fine:

HiseSnippet 897.3ocyUssaaaDDkT1rnV8BZ.5G.geRAv0XWdmnnnI9VgPqcDhbS6aAK2cVqElZWAxUoUnn+Y8ip+AsyJJaIkpDTHz.T9fflyLGxCOblYG0X3Paqowy+naWLC77+zfwKz1ImOgozdCuvy+yCtl0ZglvNnyVLi01BBOe+C9NGf+QG5s75O+1yX0LMGVC448JihC+fZpxtFczy9dUc8ULAbqZ5FUm7rgbi9bSsYNpmCBHdyX76Y2A2vbk0Kvy+itTnrllwVlEZ87O7LiXw3IleQ2U+qTsppZvEP8Fi2nN3qL0BmhcndmOQUKF8v6cqGdWFs1ENnyE9xfqUB0i3qciuXYhv0L1zO76ss7NXK4Q2TdjMj2Njj+FR5vNI8jfw7F0L65LN87IAC03GGICs8MkRWsd89idAmavJz1SmxtGtpACdjwfLB4jP7mm90862.2EBZd32DdkpFFu.+lO8TDnYwL6OorSd43mO33agV6wmDdbkLQjTDyqjLpjvRSygXFQPIwxHAsLmlJxJnUoLHNgQhxhn7TBojGmVPyiqHxbAQJiYLRJTjWVxv+mjS4EPFCRixphDhRYtLycypnwTBTRDLQZbbZkLq7DQAWRDkrHnHIMQJY4BonHKIsjCfnnjVTIghzrbBsrHJQjVlWHfB.xSf7HBvDQIzxrnTdoHEvmVJxLB0ZEhliOuJdIIMgRjbNqn.gx4wB.n.OtHpL+3GrLA7VVFBrokgNH5WT5+OTL1KzZpgSm0nz1AnTcfx4ZtUYzgF8MFK7B8fm1+25eT+eue3amRJ2YNWKViotFZ1YZ2Xdy6i3.87oUPyIgugUOGdrPr2e6Apf28.0ly67tN9MJznGpU1WLCzuqs.dqFSv+8iCufYYtovUXXcyfFqxIA+Kf2fqz5lIOJ3Bn8dqYFtT6eLvhqJLh40L616ObKMWk.8fsFZcCl5VkcwlKU+Oaox+VI9jfQJKext0XucnQzo9PnwUqh+rfKkRfaWKvCCt5m+vr206kl4Vk9tqY1F0uh8a2Le5X7zHNfOcsFpc8f98bcKcwDWryAFCZwxf+BuVkj5h8Wkj9PRuoLdi407tNe2x9OdIBpI8xy4NBOvEiCodKmFPdAjSIdSwycdMm6d8+JrAd2bh1CNw6Amj8fS5dvIaO3juGbJdubbG4+74VyztwADXzkKWQ36eolgcVK6B89afrUYH2

it even works with the 2048-bit encryption - but as you can see it gives you a very long encode string:

HiseSnippet 1393.3oc6Ws1aaTDEc2jXfXdnVI9AXkOkJEhl2ODBQayCTDzzn5RguUMOt2lU0dWq0qKDg3+L+Cf6Zm13TRqPQzuUqnjL2Ytybly8Lyb7YsMIX97l1hxse5EyfhxuXv3Kp6N+fyCU0EmbXQ4WM3Qg4cP6nUgd3EyBymC4hxxM+g9.kauUwxO+02+vvjPcBtJTQwyZpRvOUMsp6pnmc+erZxjiCY3oUSWazp6eRpo9flIMKH7r4.VwrP5kgW.mF5G1FCJJ+jixUcMsi6Bcv7hxsdXS9hwm27a0qF+yplWEm.8M3EioIZU3ialj6QbezhCNuZR9rWuumWPyxYWwBathE95AOpJW8l3WwF2YYGitJi04ixMtN717ZviuN7XqAua.RkqAosVAo6NXbpsZV2U8zimOevI0TwACDsuNTVM1hMN8SGbPCMh5t8mFdIbbK03MYrqgw1aD8q68sCG1BuXDTmF8ciNtZBL9BplOceJP6Ey59kptyex3Gr6NOEl2sydi1QgNKlE4n.7VHFz7jykxFKnSYlUlfbNmhBlWiZFmq8ZOjT7L8mnAsQz64AC26U1nPmT5HBdmMYDdgO4xFTp8YdzK0VzwxFgBEVZpgLJR.m4wPHDSdZYknJ6XRApRNs2YzojB4Vv444.DztDSBZuMfnE5wIZRYUjKcYI33dCpUT.YTyxRNWBIdl6cZWHH6WPtvJRwTxyYJtxiH5oIfqMhD2YENaVFrLlOvsYCX3IffEFSLtMxAmkqXRSBsItLiwfTv3ZgPSbkzJALQ6UPHiFSvxiZk2vRNivJI1ADQ.hYU.XLzAZmKqrfWaocTLBFFjzfLhxPjlHsioR1Pz57FCs9QtxnoQnBwLZDBF8KEXPe.MfWZjrnMFy9rNYTT5wrfV3HwRFa1xQhojIgGkTURwcJpHm8HQe98bJWVyncL5zBmKlyAoWaz1rRqilX.3z9JKo4UIYDkDTLmOIYPTJYnPRbtiqxDymnp.xAH3H9vSBCjonMGoXzQQF0jfHSSnL6UBczBbHvD7Xj1pbPgfD4JQLqCAkHHkXFADEfMK.kiJTQvqXjxLXsAeVp.ESQZ9rvpIsnSP6C.DDqwxNSjTxQ5xhnH37xjoWRnSdiGAMIphbqMp0JhzhLzZMD8SmDXjJU4rNNJnkN405.sQfnmTnzDPTiTD0dp95rLpzS0dOwfP1yH4iMEbRc1IEJaBAqkN+P5HfD3nhNiQHHvEFh7H8hTEoi.DZ4bBvjbjyR1H8SHRjJSmhbjXRGs14nmnIelXzDw0BajpiIevAICUmMffSIQIKjFNGjT99jlidGU0AOmiTYgTRJDMYNmkQ5fkKnoSE9cd8UFY3stxfBr9UFzMHz8E5OJX9nfY3P5on4MSf8m0VU20KMnfWOFodnX3h5TWUS8nl5Sa5fGWu68F9GC2d3eNbza2Eh2Xe8O501LYBzdic2a7n88k3t0KlFg18F8pvjEvaFH8Z70ehev69I90cfjV8F7ZCro9j5ptGOCpeW9RJt7ga5+94SNLzE58EbYLZbyf1tpdHTdH7Jxj0JWBaO3PX9K6ZlQ1r9WVHHyKM4ESBcW2QSuMtK6f3fqYin2pP87ptKV2l2+a1b9uBw6N3rptz42LF23FvHwTeHv3klC+xAGgHj5tBfaM33e8CiSvhmzrnqp9EOJz0V86jd6zESGS9iS.s500vjdMX4F8pkUsY8s6YfwPcdYi+l9bYm791kW1I+0cVLMjZaddZkxu294msLBgo5kNu2l9J.T6Q7hkmFn7Fv1mULkbB+7Tpe6+Mj.9lyQbKxQdKxQcKxQeKxwbKxwdKxw8dyo+Kg7fEcMSWcbfBb1QKuhnr7n5.orVpBK9G.N5+yJA

parabuh

@Lindon i tried to use this hise generated keys to encode string by some online decrypter by it dosn't work. These keys are strange : l

ustk

I confirm creating the key pair from Hise is the way.
The 2048 length works, I did add the option for better security since cracking a 512 key seems quite easy nowadays (at least following my research) but the server load (using my own PHP plugin) to encrypt my licenses is huge with a 2048bit key (512 is fast, 1024 is acceptable), am I the only one to have this issue?
Does anyone using Hise Activate encounter a noticeable delay too when using a 2048 key?

Casmat

@ustk yeah 2048 is minimum for todays world and it does take a couple seconds to sign due to its size, this is where rsa reaches its annoyances, hence why there’s modern options (ed25519 algorithm) which have both shorter signatures, faster performance, all while getting more security.

ustk

@Casmat Hence my current personal interrogation about moving this encryption to a specific server so to release the load from the website...

d.healey

Can't this just be defeated by switching an if statement within the binary anyway?

ustk

@d-healey Not when using the Unlocker system which is deeply embedded in the binary. I believe this is the best protection Hise (Juce) offers so far...

Casmat

@ustk hmm, what’s this unlocker system im seeing, Is it just meant for HISE Activate or how do I work with it?

ustk

@Casmat

https://docs.hise.audio/scripting/scripting-api/unlocker/index.html

I'm not sure there's a dedicated thread about this but if you search the forum you'd find some examples...

Hise activate is a ready made server for the encryption so you just have to worry about your plugin implementation side, but you might roll your own PHP script own your server if you feel it
there's a PHP example somewhere around...

ustk

here:
https://forum.hise.audio/topic/5369/build-failed-with-copy-protection-enabled?_=1704891683446

Lindon

@d-healey said in HISE RSA Not Working:

Can't this just be defeated by switching an if statement within the binary anyway?

yes - or a number of if statements if you've coded it that way. All this is doing is

1. stopping the script kiddies on day-0
2. stopping the pro-pirates building a keygen

So these are the two worst scenarios for reducing sales.

So can this be hacked ?- why of course it can, anything can be hacked eventually, but this requires the pirate to hack your code base and distribute their own copy of your product. At that point you are pretty much where Urs is at with UHe. Sure he's using a more sophisticated series of counter-measures but the single most important counter measure (he says) is to release updates often -1.1,1.2,1.3 etc. forcing the pirate thru the hoop one more time.

Should you use 2048-bit keys - well, 512-bit stops issues 1 & 2 above so really its hard to see the point.
Any pro hacker(as you rightfully point out) will just circumvent your serial-checking code in all the places they can find it making the actual algo. pretty moot, as long as they cant reverse engineer your checking code (and using RSA stops that as they cant generate your private key)

ustk

@Lindon said in HISE RSA Not Working:

(and using RSA stops that as they cant generate your private key)

unless 512 is "easily" hackable, right? Hence the 2048 size
because if a hacker can easily hack a 512 key there's no point in building the most protective code

Casmat

@ustk thanks! Looks like the unlocker is mainly meant for online licensing solutions. We’re currently planning to release a version with a simple offline auth system using ssh keys to encrypt and make the user download a license.dat file and import that along with the installer into the plugin to verify the license

Casmat

@ustk 512 can be cracked in a couple days with decent hardware, possibly hours with good hardware. 2048 is estimated to be crackable in trillions of years

Lindon

@ustk said in HISE RSA Not Working:

@Lindon said in HISE RSA Not Working:

(and using RSA stops that as they cant generate your private key)

unless 512 is "easily" hackable, right? Hence the 2048 size
because if a hacker can easily hack a 512 key there's no point in building the most protective code

yeah - EdDSA seems to be the way to go...if you want it secure - buit really the last hour has told me I know nearly nothing about asymmetric encryption...