REGKEY

The Registration Key System For Programmers

Version 3.2

Programmer's Manual

© Copyright Brian Pirie, 1993 - 1998. All Rights Reserved.

TABLE OF CONTENTS

• Part 1: Introduction
• Part 2: Using the RegKey system
  • A quick tour of RegKey
  • Introduction to registration keys
  • Principles of the RegKey system
  • File-based vs. user-entered registration keys
  • Using the KeyGen program
  • Creating generation/validation code sets
  • Generating registration keys
  • Validating registration keys within your program
  • Adding expiry information
  • Security issues
• Part 3: Function reference & language-specific information
  • RegKeyNewCodeSet Function
  • RegKeyGenerate Function
  • RegKeyValidate Function
  • RegKeyFileGenerate Function
  • RegKeyFileValidate Function
  • Using RegKey with C/C++
  • Using RegKey with Delphi
  • Using RegKey with Visual Basic
  • Using RegKey with other languages
• Part 4: About your evaluation copy and registering
  • The demo version & benefits of registering
  • How to order
  • Ordering by credit card
  • Filling out the registration form
  • Sending your registration fee
  • Ordering the source code
  • Order form
  • Terms of registration and source code use
• Part 5: Additional information
  • Getting help
  • Contents of this package
  • Glossary

PART 1: INTRODUCTION

Welcome to RegKey, the registration key system for programmers! RegKey is designed to allow you to quickly and easily add advanced registration key capabilities to your software. If you are unfamiliar with the concept of registration keys, see the Introduction to registration keys section in this manual.

Among the unique features provided by RegKey are the following:

• RegKey is designed with flexiblity in mind. For instance, RegKey supports both file-based and user-entered registration keys. In the first case, the registration key takes the form of a small file that is placed in your application's working directory (or the system directory). In the second case, the registration key takes the form of a twenty digit code that the user enters into your application or configuration program.

• RegKey also gives you full control of any differences in your application's behavior between registered and unregistered modes. For example, you may elect to have your application display a short "please register" message at startup when operating in unregistered mode. Alternatively, you may decide to make additional feature of your program available after the user has registered. You might also decide prevent your program from being used after a certain period of time if a valid registration key has not been provided. Since you implement this behavior, it is all in your control.

• Every application that uses RegKey chooses its own set of numerical codes that RegKey uses to generate and validate registration keys. This means that you can use RegKey for as many different applications as you wish, requiring your customers to obtain a different registration key for each program.

• RegKey is designed so that it is virtually impossible for someone to generate counterfeit registration keys for your software. The numerical code required to generate your registration keys is different from the corresponding code used to validate your registration keys. Since only the validation code is included in your program's executable file, the secret numerical code used to generate your registration keys cannot be discovered by reverse-engineering your program. It is mathematically infeasible for someone to determine your generation code from the corresponding validation code.

• For added security, RegKey uses 96-bit registration keys. Because many compilers and programming languages only support 32-bit arithmetic (or sometimes 64-bit arithmetic), registration keys are often no greater than 32-bits in size. While creating a registration key system that supports 96-bit registration keys involves much more work (creating RegKey has involved writing routines to perform operations as basic as adding, multiplying and dividing two numbers), it makes it virtually impossible to determine a registration key by an exhaustive search.

• The source code for RegKey is also available. This presents no security threat to those using RegKey due to the nature of the algorithms used by RegKey. Even knowing how RegKey works in great detail does not make it any easier to generate counterfeit registration keys for an application using RegKey.

• Included with RegKey is an example program that demonstrates how you can make use of the RegKey system. This manual also provides a tutorial on how you can best use RegKey, and discusses some of the issues you may want to consider.

• RegKey is very low-priced. For only $36 Canadian Dollars, $24 U.S. Dollars, or your country's equivalent, you are entitled to unlimited use of this and all future versions of RegKey. For an additional $36CDN/$24US/equivalent, you may also receive the RegKey source code. If you are using RegKey to encourage people to pay for your software, RegKey will quickly pay for itself!

This version of RegKey (3.2) is designed for use in 32-bit Windows (Win32) applications. RegKey 3.2 can be used with most Win32 programming languages. So long as your programming language allows you to call functions in 32-bit DLLs, you should be able to use this version of RegKey as-is. The RegKey package includes support files for using RegKey in Visual Basic, Delphi, C and C++ programs. This manual provides specific instructions on how to use RegKey with each of these programming language. It also provides general information on how to use RegKey with other programming languages.

If you are creating DOS or 16-bit Windows applications, you can use RegKey 3.1, which is available in C/C++, QuickBASIC, Visual Basic and Turbo Pascal versions. If you are creating applications for other platforms or operating systems, such as MacOS or Linux/Unix, the RegKey C source code is available to allow you to port it to any platform you wish to support.

PART 2: USING THE REGKEY SYSTEM

This portion of the manual contains information about RegKey that is common to all languages supported by RegKey.

The following sections describe the basic principles of the RegKey system, provide step-by-step information on how to incorporate RegKey into your applications, and discuss some of the issues that you will want to consider when using RegKey. This information is divided into the following sections:

• A quick tour of RegKey
• Introduction to registration keys
• Principles of the RegKey system
• File-based vs. user-entered registration keys
• Using the KeyGen program
• Creating generation/validation code sets
• Generating registration keys
• Validating registration keys within your program
• Adding expiry information
• Security issues

A QUICK TOUR OF REGKEY

This section provides a quick overview of the RegKey package, and is intended for those who want to see RegKey in action before reading the detailed information in the following sections. This section does not attempt to explain the use of the RegKey package in detail, but simply guides you on a tour of some of the programs and files included in the RegKey package. If at any point you want to learn more about RegKey, or are having trouble understanding a particular concept, you can skip to the following sections of this manual for a more detailed tutorial. You may also find the glossary useful to understand how certain terms are used in the context of this manual.

The RegKey package provides two distinct facilities for implementing registration keys within your applications. The first facility is used for generating registration keys, typically when a user purchases your software. This facility is generally used only by yourself or those responsible for selling your application. Registration keys can be generated using the KeyGen utility included in the RegKey package, or you may write a custom program to manage the generation of registration keys.

The second facility provided by RegKey is incorporated into your program itself, and is used to check the validity of registration keys at run time. This is accomplished within your pgoram by calling a RegKey function/procedure that performs the actual registration key validation. You are then able to adjust the behavior of your program depending upon the result returned by RegKey. This provides you with the option of displaying a special message when the user is not registered, disabling certain features when operating in unregistered "demo" mode, or limiting the length of time someone may use your software before paying for it.

Included with RegKey is a very simple demonstration program, named DemoApp, which allows you to test RegKey and learn how to use it within your own programs. The RegKey package includes the equivalent source code for DemoApp for Visual Basic and C. Refer to the version of this file for the language that you are most comfortable with. For Delphi programmers, the RegKey package includes a different demo program, contained in the DelpiDem.zip file. A quick read through the DemoApp or DelpiDem source code will give you a better idea of how RegKey's registration key validation facility can be incorporated into your program. Also, you should try running the DEMOAPP.EXE file to see how DemoApp behaves before you generate a registration key for it.

As mentioned before, you can generate RegKey registration keys using the KeyGen utility, KEYGEN.EXE. When you start the KeyGen program, you will see a list of applications for which you can generate a registration key. Initially, there should be a single application listed: "DemoApp (RegKey Example Program)". To generate a registration key for DemoApp, simply select it from the list of applications, and choose the "Generate Key" option. A second dialog box will appear, with which you can provide information on the registration key to generate. Enter your name as the "Registration String", and enter any combination of 10 numbers and upper-case letters as the "Random Seed". "Registration String" is usually the name of the individual or organization that has purchased your software. The "Random Seed" is used by RegKey during the registration key generation process, and is then discarded. For increased secuity you should enter a different random seed for each key you generation. To generate a registration key for DemoApp, you do not need to change any other options in the key generation dialog box. When you select "OK", KeyGen will generate a registration key file for DemoApp, and will then ask you whether you wish to generate another registration key.

RegKey supports both file-based and user-entered-string registration keys. With file-based registration keys, the registered user receives a small "key file" which is recognized and read by the application at run-time, in order to determine whether to operate in registered mode. With user-entered-string keys, the user enters their name and a 20 digit registration key into the application, which causes it to operate in registered mode.

The DemoApp example program included with RegKey uses file-based registration keys. Now that you have generated a registration key file for RegKey, you can try running DemoApp again. Ensure that the newly generated key file, (named ????????.KEY, unless you changed the default option in the key generation dialog box), is located in the default directory before staring DemoApp. DemoApp will now operate in registered mode, and will display the registered user name you entered when generating the registration key.

Congratulations! You have successfully completed your tour of RegKey. The following sections provide you with more detailed information on using RegKey, and part 3 provides information specific to using RegKey with each of the supported languages.

INTRODUCTION TO REGISTRATION KEYS

Registration keys are a form of software protection; they are a mechanism to encourage users to pay for your software or even prevent them from using it without paying for it. Registration keys are often used as an only means of software protection, although they can easily be combined with other mechanisms for added security and effectiveness. Unlike other forms of software protection, such as hardware keys, registration keys are ideal for shareware or "try-before-you-buy" software. Using registration keys, you have the ability to distribute a single copy of your software that serves as both the demonstration version and "full" version.

Registration keys are a fantastic idea from a marketing point of view. From a programmer's point of view, we want a registration key system that is quick and easy to implement, and not easily bypassed. RegKey helps in providing the capabilities to generate and test both user-entered and file-based registration keys. The mathematical techniques used by RegKey makes it extremely difficult for someone to create a counterfit registration key for your software. This manual also provides some ideas on other things that you can do to increase the "security" of registration keys, such as making it difficult for hackers to tamper with your program.

The idea behind registration keys is simple. When a customer pays for your software, they receive a registration key - either in the form of a small additional file or a numeric code - which switches the software into registered mode. The differences between registered and unregistered modes can be as insignificant or as great as you choose. The software may simply display a "please register" message when unregistered, it may only work for a short evaluation period prior to registering, additional features may be enabled after registering, or the software may refuse to operate entirely before registration.

While the use of registration key systems is not limited to shareware applications, this is where registration keys are most often used. Many of the advantages of the shareware approach to software marketing are obvious - the user has the opportunity to try the software before buying it, the software producer is able to reach a wide audience of potential customers, and it is often a low-cost approach to software marketing. In general, there are two approaches to shareware marketing. In the first approach, a special demonstration version of the software is freely distributed to users, and when the user registers they receive the "full" registered version of the software. With the registration key approach, only one version of the software is released. This version normally operates in "unregistered" or "demo" mode. However, when the user pays for the software, they receive a registration key which immediately causes the software to switch into "registered" mode. Of these two approaches, the registration key approach has become very popular for a number of reasons:

• It has proven highly effective in encouraging people to pay for the software.

• Since the registration key is associated with a single user's name, it discourages illegal sharing of the registration. People are more likely to give away a copy of a generic registered version of the software than they are to share the registration key that is associated with only their name. Although it is possible to "brand" each registered copy of the software for each user who registers, this often proves to be a great deal of work.

• Registration keys enable the user to easily switch the software into registered mode upon registering, without having to reinstall a registered version of the software.

• Registration keys also allow the option of upgrading to a new version by receiving a widely available copy of the software, rather than having to receive a new registered copy directly from the author.

• If user-entered registration keys are used (see the section on user-entered and file-based registration keys for a comparison of the two types), the registration key can be quickly transmitted to the user by phone, email, fax or conventional mail, rather than sending a registered version of the entire software package.

In addition to shareware applications, registration keys can be useful for many other software protection applications. For instance, registration keys can be used in implementing pay-per-use software, where a new registration key is sent to the user when they pay for additional use of the software. Registration keys can also be just as useful in discouraging the copying of non-shareware software as it is for encouraging registration of shareware software. Registration keys can also form the basis of multi-user site licensing systems. Although this manual cannot explicitly deal with all of the potential uses of the RegKey system, it does attempt to provide general information that will be of use regardless of how you are using RegKey.

PRINCIPLES OF THE REGKEY SYSTEM

This section provides an introduction to the concepts and terminology used by RegKey. The remainder of this manual assumes that you have read this section.

A registration string and corresponding registration key is associated with each person who pays to register your software. The registration string uniquely identifies the individual or organization that has registered, and may contain other information that should not be tampered with. In many cases, the registration string will only be the user's name, but it may also include information such as the registration's expiry date or the version of your software that was registered. (For more help on how to add expiry information to registration keys, see the section on that subject.) In general, the registration string contains information that the user knows before registering, for which your application must be able to recognize your "stamp of approval".

One of the key features of RegKey is the fact that every application using RegKey requires different registration keys; a particular user's registration key that is accepted by one application using RegKey will not work with a different application using RegKey. For each application or version for which you wish to require different registration keys, a unique generation / validation code set is created. Choosing a different generation / validation code set results in different registration keys being generated and accepted for the same registration string.

The secret generation code is used to generate registration keys for your applications. The generation code is only known by yourself or people responsible for generating registration keys for your application; the generation code would never appear in your program's executable file(s). Every generation code has a corresponding validation code. This validation code is used during your application's execution in order to determine whether the supplied registration string (such as the user's name) corresponds to the supplied registration key. If the registration key is valid for the registration string and validation code, RegKey indicates to your application that it should operate in registered mode. The validation code is contained within your program's executable files. Although it may be possible to determine this validation code by "hacking" your program's executable files, there is no known feasible way to calculate the generation code knowing this validation code. Therefore, knowing the validation code does not permit someone to generate counterfeit registration keys for your software.

The registration string and registration key may either be entered directly into your application by the user, or may both be stored in a registration key file. The first approach is referred to as user-entered registration keys, and the second approach is referred to as file-based registration keys. The following section of this manual discusses the advantages and disadvantages of each approach.

Subsequent sections of this manual discuss how to use the facilities provided by RegKey to create a generation/validation code set for a new application, how to generate a registration key for a user when they pay for your software, and how to use RegKey to deal with registration keys within your application itself.

FILE-BASED VS. USER-ENTERED REGISTRATION KEYS

RegKey provides support for two types of registration keys: "user-entered" and "file-based". For a given application, you must choose which of these two types you wish to use.

With user-entered registration keys, upon registering the user receives a 20 digit code of numbers and letters, such as:

F8T5CQ7LFVXDY6TSC4QU

To avoid confusion when copying the registration key, RegKey does not use the letters G, I, O, S, as they may be confused with the numerals 6, 1, 0 and 5. If the user accidentally enters any of these letters in place of the corresponding number, RegKey knows that the number was intended, as treats the letter as being equivalent to the number. Likewise, RegKey only uses upper-case letters when generating registration keys, but is not sensitive to case when validating registration keys.

When they pay for your software, the user would typically be required to enter this 20-digit code along with their name (the registration string) into your application or configuration program, for example:

Your Name : Brian Pirie
Your Registration Key : F8T5CQ7LFVXDY6TSC4QU

This information would then be stored by your program in a data file, for access when the program is subsequently executed. Using RegKey, your application could then determine whether or not a valid registration key for the user's name has been presented, and act accordingly.

When file-based registration keys are used, rather than receiving a 20 digit code, the user receives a file in electronic form, which they either manually copy to the application's working directory, or install using a simple installation program that you provide. When your application executes, it would then call upon RegKey to read this file and determine whether or not a valid registration key file is present. If RegKey indicates that this file is present and valid, your program would know to operate in registered mode.

User-entered and file-base registration keys each provide different advantages and disadvantages. User-entered registration keys have the advantage that no disk or electronic file needs to be sent to the registered user. This allows you full flexibility to send the registration key by conventional mail, electronic mail, facsimile or over the telephone. The RegKey registration key format is specifically designed to be easy to transmit by this means. It's use of both letters and numbers makes it a very compact and efficient representation for the 96-bits of information it contains, while its choice of numbers and upper case letters helps to reduce the possibility of mis-copying the string.

File-based registration keys, on the other hand, may be easier for the user. Rather than having to enter the registration key and related information manually, the user simply needs to install an additional small file. File-based registration keys may also be preferable if the registration string contains more information than simply the user's name. This might be the case when you are embedding expiry information in the registration string as described in the section on adding expiry information.

USING THE KEYGEN PROGRAM

The RegKey package includes a program called "KeyGen". KeyGen can be used for both creating a generation/validation code set for a new application and for quickly generating registration keys for one or more of your applications. KeyGen also provides password security facilities to control access to the registration key generation information that it stores. This section provides some basic information on how to setup, maintain and navigate through the KeyGen program. Later sections of this manual provide information on how to accomplish specific tasks using KeyGen, such as creating a new code set or generating a registration key for a new user.

KeyGen stores information on the application that it can generate registration keys for in a data file called KEYGEN.DAT. If you are relying on KeyGen to store the generation/validation code sets for your applications, this file is very sensitive. With the information in this file, anyone can generate registration keys for your program(s). Be careful to control access to this file. You should also be absolutely certain that you maintain backups of this file in the case of hardware failure, fire, accidental erasure, etc.

The main KeyGen window displays a list of applications for which it can generate registration keys. When you first install the RegKey package, only one application will be listed - the RegKey test program. When you write your own application that uses RegKey, you can add that program to the list by choosing the "Add Application" option. To generate a registration key for one of the applications on the list, simply select the application and choose the "Generate Key" option. To obtain or alter information concerning an application, such as the type of registration key generated or the generation/validation code set, select the application and choose the "Application Info" option. To remove an unwanted application from the list, select the application and choose the "Delete Application" option. When you are finished with KeyGen, choose the "Close" option. Only one copy of KeyGen should be running at any time.

KeyGen also provides you with the option of password protecting applications. You can enter a password for an application when you add it using the "Add Application" option, or you can add/alter/remove a password using the "Application Info" option. When a password has been entered for an application, that password will be required to generate a registration key for the application or to access or alter the information pertaining to that application.

Reminder: be sure to maintain a backup copy of your KEYGEN.DAT file.

CREATING GENERATION/VALIDATION CODE SETS

As is introduced in Principles of the RegKey System, for each application that uses RegKey you must create a generation/validation code set. It is the uniqueness of this code set that make the registration keys for one of your applications different from those for any other program using RegKey. The secret generation code is required to generate registration keys for a specific application. The validation code is used when checking the validity of the registration key at application run time.

The RegKey API provides a function/procedure named RegKeyNewCodeSet, that can be used to create a generation/validation code set within your own program. However, the quickest and easiest way to create a new code set is to use the KeyGen program included in your RegKey package. KeyGen also stores the new code set in its data file for your future reference. If you would prefer to write your own program that generates a code set using the RegKeyNewCodeSet function/procedure, see the information on calling RegKeyNewCodeSet in the section of part 3 that deals with the programming language you are using.

The RegKey generation and validation codes are both represented as ten digit strings of numbers and upper-case letters. Although it is mathematically possible for the validation code to be calculated from the generation code, the reverse is not true; there is no easy way to calculate the generation code given the validation code. Therefore, the process of creating a new code set involves RegKey calculating a validation code from a generation code that you provide.

To create a code set for a new application (or version), start the KeyGen utility as described in the section introducing KeyGen. Select "New Application" to create a new code set, in order to bring up the "New Application" dialog box. Enter the name of the application for which you will be generating a new code set. This name is not used as part of the code set generation process; it is simply used by KeyGen to distinguish between code sets if you generate more than one.

Next, enter the 10 character generation code for which a corresponding validation code will be calculated. These two codes will form the new code set. The generation code you enter should consist of numbers and upper case letters, and should be different for each of your applications.

KeyGen gives you the option of protecting the new code set with a password. This password can prevent other people who have access to your computer or data files from unauthorized access to the new generation/validation code set. KeyGen will also require this password to be entered before a new registration key can be generated for your application. If you choose to enter a password, note that it will not appear when typed. Be very careful to note the spelling and capitalization of the password you choose; the password will have to be entered identically in the future. The best passwords are between six and twelve characters in length. Remember that the password you enter has no effect on the actual validation code that is generated - it only controls access to that information when stored within KeyGen.

The "New Application" dialog box also allows you to indicate whether your application will be using user-entered or file-based registration keys. Again, this information does not affect the actual generation/validation codes. This setting only controls the type of registration key that KeyGen will create, if you choose to use KeyGen to generate registration keys for your application (see the Generating registration keys section). For information on the benefits of file-based vs. user-entered registration keys, see the section on File-based vs. user-entered registration keys.

Once you have entered the relevant information into the "New Application" dialog box, choose "OK" to calculate the validation code that corresponds to the generation code you entered. The generation and validation codes will now be stored in the KeyGen data file, KEYGEN.DAT. To view the generation and validation codes for a particular application, select that application in the main KeyGen window, and choose the "Application Info" option. If you have password protected the selected application, KeyGen will prompt for the application's password before displaying any information about the selected application.

When you create a generation/validation code set for a new application, you should always write these codes down in a safe location. Otherwise, if the KeyGen data file is lost or damaged, you could loose the ability to generate registration keys for your own software!

GENERATING REGISTRATION KEYS

You will typically generate a registration key once for each user, when they pay for your software. Registration keys may either be generated using the KeyGen program included in your RegKey package, or they may be generated using your own utility which in turn calls upon RegKey to perform the actual registration key generation. You will most likely choose to generate registration keys using the KeyGen program. However, if you wish to integrate the registration key generation process with another program (such as an on-line registration system or an order entry system), you may perform key generation by calling a RegKey API function/procedure. For general information on using the KeyGen program, see the section on KeyGen. For information on calling RegKey API functions/procedures from your programming language, see part four of this manual.

If you are generating a registration key using the KeyGen program, first start up KeyGen. Next select the application for which you wish to generate a registration key, and choose the "Generate Key" option. The key generation dialog box will now appear on your screen. This dialog box is used to provide information about the registration key to be generated. (If you have not yet added information about your application to the KeyGen program, it will not appear on the list of available applications. In this case, see the section on Creating generation/validation code sets.

When generating a registration key, you must supply at least the following two pieces of information:

1. The registration string, which is usually the user's name
2. A ten digit alphanumeric random seed

Depending upon your circumstances, the following information may also be required:

3. If you are using KeyGen to generate the registration key for a password protected application, this password must be entered to generate a registration key.
4. If you are writing your own key generation utility, that utility must specify the generation code for your application. (If you are using KeyGen, it automatically provides this information for the application you selected.)
5. When generating a file-base registration key, you may specify the filename to be used for the new registration key.

To elaborate:

1. The registration string is usually the user's name, but may also contain other information, such as registration key expiry data. For more information on the registration string, see Principles of the RegKey system.

2. In order to generate a registration key, RegKey requires a ten character alphanumeric string which it uses as a simple random number seed. If this string includes more than ten character, the additional characters are ignored. A different random seed should be chosen for each registration key that is generated.

3. If you are using KeyGen to generate the registration key, and you have entered a password for the selected application, this password must be entered. The password portion of the key generation dialog box is enabled if and only if a password is required for this application. Note that the password will not appear on the screen when it is typed. If an incorrect password is entered, KeyGen will refuse to generate the registration key.

4. If you are writing your own key generation utility, that utility must specify the generation code for your application. The ten digit generation code is passed as a string to the registration key generation function. For information on creating a generation code, see Creating generation/validation code sets. (If you are using KeyGen to generate the registration key, it automatically provides the generation code for the application you selected.)

5. If you are generating a file-based registration key, you may optionally specify the registration key filename to be used. If you do not specify a filename, RegKey will default to using the first eight alphabetical characters in the registration string, with a .KEY extension. For instance, the default filename for the registration string "Brian Pirie" would be "BRIANPIR.KEY". Likewise, for the registration string "1-2-3 Clocks", the default filename would be "CLOCKS.KEY".If the registration string does not contain any alphabetical characters, the default filename is "REGISTER.KEY". If you explicitly specify a registration key filename, that filename may optionally include a path to the directory where the registration key file should be created. If no path/filename is specified, the current directory is used by default.

   Note: If a registration key file already exists with the specified filename, it will be overwritten by the new one.

If you are using KeyGen to generate the registration key, choosing "OK" will cause a registration key to be generated, based upon the information entered. If the "OK" button of the key generation dialog box is not enabled, be sure that you have specified a registration string, a valid 10-digit random seed, and a password if required. When generating user-entered registration keys, the generated registration key will be displayed in a separate dialog box. You will now have the option of either generating another registration key for the current application, or returning to the main KeyGen window. When generating a file-based registration key, the registration key file will be created and another dialog box will appear indicating whether or not you wish to generate additional registration keys for the current application.

If you are generating registration keys from within your own program, key generation is performed by one of the following two functions/procedures:

• RegKeyGenerate
• RegKeyFileGenerate

The first function/procedure is used to generate user-entered registration keys, and the second is used to generate file-base registration keys. The registration string, generation code, random seed and other information required for key generation is passed directly to one of these functions/procedures. In the case of RegKeyGenerate, the 20 character registration key is returned to your program. In the case of RegKeyFileGenerate, the new registration key file is created.

VALIDATING REGISTRATION KEYS WITHIN YOUR PROGRAM

To cause the registration key validation to be performed, you call one of two RegKey functions/procedures, depending upon whether you are using user-entered or file-based registration keys. These functions/procedures are as follows:

• RegKeyValidate - For user-entered registration keys
• RegKeyFileValidate - For file-based registration keys

The registration key validation code for your application is passed to either RegKeyValidate or RegKeyFileValidate as a ten character alphanumeric string. If RegKeyValidate is being used, the registration string and registration key are also passed to the function. In the case that RegKeyFileValidate is being used, the registration key filename and string where the registration string should be stored are passed to the function/procedure. In addition, a variable is passed to RegKeyValidate/ RegKeyFileValidate which will be set to indicate whether your program should operate in registered or unregistered mode. Based on how RegKey sets this variable, you can adjust the behavior of your program as you wish. Both of these functions return a value indicating whether or not they executed successfully.

The RegKeyValidate function requires the following parameters, in order:

Hence, a typical call to the RegKeyValidate function might appear as follows (in no particular programming language):

result = RegKeyValidate( theRegistrationString, theRegistrationKey, myValidationCode, "A RegKey Programmer", 0, isRegistered)

The RegKeyFileValidate function requires the following parameters, in order:

Hence, a typical call to the RegKeyFileValidate function might appear as follows (in no particular programming language):

result = RegKeyFileValidate( "*.KEY", myValidationCode, "A RegKey Programmer", 0, registrationString, 50, isRegistered)

Typically, you will store the value returned in the peRegistered parameter in one or more global variables, that will be accessible at any time your program needs to know whether it is operating in registered or unregistered mode. There are no limitations on how you adjust your program's behavior between registered and unregistered modes.

For more information on calling the RegKeyValidate or RegKeyFileValidate functions, see the section of part four of this manual that deals with the programming language you are using.

ADDING EXPIRY INFORMATION

Often, you will want to provide users of your software with a single registration key that will work with all versions of your application. This is exactly what you achieve by simply generating registration keys with the user's name as the registration string, and using the same generation/ validation code set for all versions of your application. However, in some cases you may only want registration keys to function with particular versions of your application. Alternatively, you may wish to limit the length of time for which the registration key will continue to function. In each of these cases, you are adding some form of expiry information to your registration keys.

There are two basic methods for adding expiry information to RegKey registration keys:

1. Using different generation/validation code sets for different versions of your application.
2. Including expiry information in the registration string.

The first method, where you are using different code sets for different versions of your application, is only applicable when you wish to generate registration keys that only work with certain versions of your application. If you wish to include any other form of expiry information in your registration keys, you must use the second method, where this information is imbedded in the registration string. Below, both of these methods are described in detail:

1. If you wish different registration keys to be required for different versions of your applications, the easiest approach is to use different generation/validation code sets for versions that you wish to require different registration keys. For instance, if you wish to require the user to pay to upgrade from one major version of your application to the next, you could use one code set for the 1.x version(s), a second code set for the 2.x version(s), and so on. If you are using KeyGen to generate registration keys, you would then end up with both "MyApp 1.x" and "MyApp 2.x" in the list of available applications. When either a new user purchases version 2.x of your application, or a current user pays to upgrade to version 2.x, you would generate a new registration key using the code set for version 2.x.

If you only wish to add simple by-version expiry information to your registration keys, this is probably the preferable method, as it does not require the expiry information to be included in the registration string. This is particularly relevant when using user-entered registration keys, as the user does not have to enter the expiry method in addition to their name and registration key.

2. The second, more flexible option for adding expiry information to your registration keys is to imbed this information in the registration string. In this case, the registration string does not only contain the user's name, but also includes information such as the version or version(s) registered or the expiry date of the registration key. Since the registration key generated for the registration string proves its validity, the user cannot change the information included in the registration string without invalidating the registration key. When you use this approach, it is important that you choose a strict format for the registration key. For instance, if you wish to include the user's name and the date of expiry in the registration string, you might decide to format the string with four digits for the year, followed by a dash ('-') followed by two digits for the month, and so on. You might also decide that a comma and a space will separate the date and user's name. In this case, the registration string might appear as follows:

1997-11-28, Brian Pirie

While the method of using different code sets can be used equally well with file-based and user-entered registration keys, imbedding expiry information in the registration string is better suited to file-based registration keys. While this method can also be used with user-entered registration keys, it does require the user to manually enter any expiry information. If you do choose to use user-entered registration keys with this method, you may wish to provide some mechanism to ensure that the registration string is correctly entered into your application. One approach would be to break the registration string into a number of fields, requiring the user to enter the value for each field. You would then construct the registration string at application run-time, and use RegKey to check the validity of the registration key against this string. As an example, your program might have a registration dialog box with the following fields:

From this information, you could generate an appropriately formatted registration string, such as:

2002-11-28, Brian Pirie

If, on the other hand, you use file-based registration keys, this difficulty is avoided, as the registration string with any expiry information is stored in the registration key file.

Imbedding expiry information in the registration string enables many variations on the use of RegKey. Possibilities include:

• Selling registration keys that work with the current and next version of your software.
• Giving the user the option of either purchasing a "life-time" registration for all versions of your application, or purchasing a cheaper registration for only the current version.
• Implementing a pay-by-use system where the user receives a new registration key when they pay for more time. In such a system, a registration key could expire after a certain date or after a certain number of uses.
• Providing multiple levels of functionality depending upon the level of the user's registration.
• Creating special "beta-user" registration keys that work for both beta-test and final release versions, while "normal" registration keys work only for final release versions.
• Implementing an on-line "trial" registration system that allows the user to obtain trail-period registration keys without purchasing a full registration.

SECURITY ISSUES

When using RegKey in any program, it is your responsibility to decide whether employing RegKey alone provides enough security for your needs. While using RegKey alone does provide enough security for the vast majority of applications, there may be times when you wish to augment or combine RegKey with other software protection mechanisms. This section provides a brief discussion of some of the issues you may wish to consider when using RegKey, and attempts to answer the question "how secure is RegKey?"

When evaluating any software protection scheme, such as registration key mechanisms, it is important to keep in mind that no such mechanism is 100% secure. If your program can be executed, it can be reverse-engineered and altered. Fortunately, the fact that it is possible to beat a software protection scheme does not necessarily render that scheme as ineffective. In general, it is sufficient for a software protection mechanism to be difficult enough to beat that most users will be more likely to pay for your software than attempt to "beat the system". Yet as was said before, it is up to you to decide how much security you require for your software.

In general, there are three basic ways in which someone might try to bypass the software protection of a program that uses RegKey.

1. By always using the program in unregistered mode
2. By producing a "counterfeit" registration key for your program
3. By "hacking" or somehow modifying your software in order that it operates in registered mode without a valid registration key being present.

Each of these possibilities are discussed below:

1. By far the most common way that users bypass registration key systems is by always using the program in unregistered mode without paying for it. The likelihood of users doing this with your software depends largely upon the type of application and the incentives you offer for registering. In some cases, the majority of people using a software package that uses registration keys will be using it without registering. In other cases, almost everyone using the software will have paid to register it.

There are a number of things that you can do to encourage users to pay for your software rather than using it in unregistered mode:

• If the output of your software will be seen by many people in addition to the user who is responsible for registering it (such as communications software, on-line bulletin board software, programming library or other program that produces unalterable output), then displaying or outputting an "unregistered" message can be sufficient to encourage users to pay for your software. In this case, the unregistered message has the potential to advertise to many people that it is an evaluation copy and must be paid for.

• A common and effective incentive to encourage users to register software is the enabling of additional capabilities when operating in registered mode. These additional capabilities could be the additional helpful features for an application, additional "levels" of a video game, or the removal of demonstration-version limitations such as a maximum data file size. If you are taking this approach, be careful not to cripple your software's capabilities in unregistered mode too severely. If the user becomes frustrated with your software, it is unlikely that they will want to pay for it. Likewise, you will want to be sure that the user has an opportunity to examine all of your software's important capabilities.

• Another common incentive is to offer additional services to registered users, such as printed documentation, product support, free upgrade to new versions, source code, etc.

• Another possible approach is to have your software only work for a certain period of time without registering. To make it more difficult for users to bypass this scheme by reinstalling the software, you might want to store information about the date and time of the first installation in your program's data file (if applicable).

• An alternative to causing the software itself to expire is to require the user to obtain a temporary "evaluation" key from you to even operate in unregistered mode. This key could expire after any length of time you choose. For more information on adding expiry information to registration keys, see the section on that subject.

2. A second way a user might try to bypass a RegKey protected application is by producing a "counterfeit" registration key for your software. However, RegKey is designed to make it extremely difficult to do this. There are two conceivable ways someone might try to generate a counterfeit RegKey registration key:

A by an exhaustive search of all possible registration keys B by determining your application's generation code and using RegKey's KeyGen program to produce a registration key.

An exhaustive search would not be feasible, even with the world's fastest supercomputer. There are nearly 2^96 possible RegKey registration keys, of which nearly 2^48 are valid for a given registration string. This means that on average, 2^47 (1 followed by 14 zeros) registration keys must be tried before a valid registration key is found. To put this into context, a fully optimized version of the RegKeyValidate function would require more than 1/6 millisecond to determine the validity of a RegKey registration key on a 400-Mhz Pentium II based machine. Even being able to test 10000 registration keys per second, such a machine would require over 440 years to guess a RegKey registration key on average.

Determining the generation code for your application by guessing would be just as difficult as guessing a correct registration key. Also, although a RegKey validation code can be quickly calculated from the generation code, the reverse is not the case. There is no known mathematical method that would allow you to quickly determine the generation code given the validation code. As a result, even if the user was able to obtain the validation code from your application's executable file(s), they would be no closer to knowing the generation code.

3. A third way someone might try to defeat a program using RegKey is by someone modifying the program to cause it to always operate in registered mode. The vast majority of users would not have the ability to do this. However, there is always the fear that someone with the ability to do so may "hack" your program and even distribute an altered version to other users. While it is very seldom that this scenario causes major problems in reality, you may still wish to take steps to further protect your program from "hacking".

One key area that you may wish to endevor to protect from tampering is where your program stores its RegKey validation code. You may wish to somehow hide or encrypt this code. Alternatively, you may wish to add some logic to detect for any tampering to your program's executable file. To assist you in doing this, the RegKey package includes some sample C code that stores a hash code for the entire .EXE file an prevents the file from being run if it has been tampered with. This example is contained in the EXEVALID.ZIP file, which includes a document with further information.

If you are using the DLL version of RegKey, you should consider checking at runtime that the RegKey DLL hasn't been tampered with. For instance, your program could locate the RK32.DLL file and calculate a checksum, CRC-32 or other hash value for the file. That value could then be compared with an expected value to determine whether the DLL has been altered.

If you wish to add further robustness to make it more difficult to tampler with the RegKey code itself, you may wish to obtain the source code package to make such modifications.

PART 3: FUNCTION REFERENCE & LANGUAGE-SPECIFIC INFORMATION

REGKEYNEWCODESET FUNCTION

REGKEYGENERATE FUNCTION

REGKEYVALIDATE FUNCTION

REGKEYFILEGENERATE FUNCTION

REGKEYFILEVALIDATE FUNCTION

USING REGKEY WITH C/C++

In order to call the RegKey functions from a C or C++ program, you must:

1. Include the RegKey header file at the beginning of your program's source code file(s), using the #include statement:

#include "regkey.h" 

This assumes that the REGKEY.H file is located in the same directory as your program's source code. Alternatively, you could place the REGKEY.H file in the same directory as your compiler's standard header files. In this case, your compiler may require you to use angled brackets instead of double quotes in the #include statement, as follows:

#include <regkey.h> 

2. Link with either the appropriate RegKey library. In most cases, you will probably want to link to the static RegKey library, RegKey.lib. This allows you to avoid distributing the RegKey DLL (rk32.dll) with your program, and makes it more difficult for someone to tamper with RegKey. If you prefer to use the DLL version of RegKey, link with the rk32.lib import library instead of RegKey.lib. If you choose to use the static version of the RegKey library, you must defined the RK_STATIC symbol before including the RegKey header file. You can do this by specifying the define on the compiler's command line, or by using the #define preprocessor directive. For example:

   #define RK_STATIC
   #include "regkey.h"

   The actual method for configuring your C or C++ compiler to link with an additional library varies depending upon which compiler you are using. You should consult your compiler's manual for detailed information on how to do this. In most cases, this is either done by adding the .lib file to your project/make file (just as you would for your .C/CPP source files), or by adding the library file in the linker's settings dialog box. With Microsoft Visual C++, you can add the library in your project's settings under the Linker tab in the additional libraries field.

For an example of how to use RegKey in a C/C++ program, see the DemoApp.c sample file that is included in the RegKey package.

When calling either of the registration key validation functions, RegKeyValidate or RegKeyFileValidate, the result is returned in an enum of type RKVALID. To declare a variable to hold the result of registration key validation, you would use something similar to the follows:

RKVALID registeredMode; 

The address of this variable is passed to the registration key validation function using the C/C++ address-of operator (&), as follows:

RegKeyValidate(
   szRegString,       /* e.g.: Your user's name. */
   szRegKey,          /* Key entered by your user. */
   "KIXE4UB52K",      /* Application's validation code. */
   "",                /* Your name, if you've paid for RegKey. */
   0,                 /* Your RegKey registration key. */
   &registeredMode);  /* Variable to receive result. */

This variable can have one of two values, RK_UNREGISTERED or RK_REGISTERED. Therefore, at any point in your program where you wish to test whether the program is operating in registered or unregistered mode, you might include an if statement similar to the following:

if(registeredMode == RK_REGISTERED)
{
   /* Do what you want to do in registered mode. */
}
else
{
   /* Do what you want to do in unregistered mode. */
} 

USING REGKEY WITH DELPHI

The RegKey package includes the file RegKey.pas for use with Delphi. This file contains the information that Delphi needs in order to call the functions in the RegKey DLL. In any unit that will call RegKey functions, add RegKey to the "uses" line. For example:

uses RegKey;

To pass a string to RegKey, use the PChar function. To create a variable to hold the result of registration key validation, use the RKValid type. You would pass this variable to the registration key validation function you are using, along with the other information. For example:

var
   RegisteredMode : RKValid;

procedure CheckRegistration(RegString, RegKey : String);
begin
   RegKeyValidate(
      PChar(RegString),  { e.g.: Your user's name. }
      PChar(RegKey),     { Key entered by your user. }
      'KIXE4UB52K',      { Application's validation code. }
      '',                { Your name, if you've paid for RegKey. }
      0,                 { Your RegKey registration key. }
      RegisteredMode);   { Variable to receive result. }
end;

This variable can have one of two values, 0 or 1. The RegKey.pas file defines constants for these two values. A value of 0 corresponds to RKUnregistered, and a value of 1 corresponds to RKRegistered. At any point in your program where you wish to test whether the program is operating in registered or unregistered mode, you might include an if...then statement similar to the following:

if RegisteredMode = RKRegistered then
begin
   { Do what you want to do in registered mode. }
end
else
   { Do what you want to do in unregistered mode. }
begin
end;

USING REGKEY WITH VISUAL BASIC

To use RegKey in a Visual Basic program, simply add the RegKey.bas module to your project. To do this, use the "Add Module..." option on the Visual Basic "Project" menu. After doing this, you will be able to use any of the RegKey functions (proceedures) anywhere in your Visual Basic project.

When your program is run, ensure that the RegKey DLL is in a location where Visual Basic can find it, such as your program's directory, or the Windows system directory.

Note that several of the RegKey functions pass information back to you by changing string arguments that you pass to it. For example, the RegKeyFileValidate provides you with the registration string retrieved from the registration key file by filling one of the strings that you pass to it. In order for this to work correctly, you must ensure that the string you provide is large enough to hold the information that RegKey will be providing. An easy way to do this is to use the String function to fill the variable being passed to RegKey with a sufficient number of null (ASCII 0) characters. For example, to fill the RegistrationString$ string with 255 null characters before calling RegKeyFileValidate, you could do something like this:

RegistrationString$ = String(255, vbNullChar)
Result = RegKeyFileValidate("*.KEY", "0C9HMN1NDL", _
   "Your Name", 0, RegistrationString$, 255, RegisteredMode)

Since you will probably want to store the result of registration key validation in shared variable(s) that can be accessed anywhere in your program, you can declare such variables at the top of the module (.bas file) in which you call the RegKey validation function. For example:

Dim Shared RegisteredMode As Long        ' Variable to store mode to operate in
Dim Shared RegistrationString As String      ' To store name of registered user

The RegisteredMode variable that you pass as an argument to the RegKeyValidate or RegKeyFileValidate function can take on one of two values. A value of 0 indicates that the registration key is not valid (i.e., the user is not registered). A value of 1 indicates that the key is valid. For your convenience, the RegKey.bas file defines the constants RKUnregistered and RKRegistered to represent these two values. You can use these constants at any point in your program where you want to test whether the program is operatingin registered or unregistered mode. For example, after calling RegKeyValidate or RegKeyFileValidate, you could do something like this:

If RegisteredMode = RKRegistered Then
   ' Do what you want to do in registered mode.
Else
   ' Do what you want to do in unregistered mode.
End If

For a working example of how to use RegKey in a Visual Basic program, see the DemoApp.bas file included in the RegKey package. If you would like to try runing DemoApp in Visual Basic, create a new project, and add both the RegKey.bas and DemoApp.bas modules to the project. You will now be able to run or step through the DemoApp program to see it in action.

USING REGKEY WITH OTHER LANGUAGES

To use RegKey with most other 32-bit Windows programming languages, follow the programming language's instructions for calling functions in a 32-bit DLL. Generally, this will involve the following steps:

1. Tell the programming language the name of the DLL that you are calling. In the case of RegKey, this will be RK32.DLL. If your programming language offers the option of "static" or "dynamic" linking to the DLL, RegKey will work either way. Essentially, this controls whether the DLL is loaded when your program first starts up ("static" linking), or loaded when you call the first RegKey function ("dynamic" linking).
2. Tell the programming language the format of the DLL's function(s) that you will want to call. For information on the format of the RegKey functions, see the function reference section. Since many DLLs are written in C, the documentation for many Windows-based programming languages will provide information on how to translate C-style "function prototypes" into the corresponding function defintions in that language. If you don't have this information at hand, the following details regarding RK32.DLL may be of help:
   • All RegKey functions return a 32-bit integer, which can take one of two values. A value of 0 indicates some sort of failure, such as incorrect parameters, and a value of 1 indicates that the function worked correctly.
   • RegKey function parameters with a name beginning with "s" (such as sRegKey) are pointers to a character string. These strings may consist of 0 or more characters, ending with a null (ASCII 0) character.
   • RegKey function parameters with a name beginning with "n" are unsigned 32-bit integers.
   • RegKey function parameters with a name beginning with "cb" are unsigned 16-bit integers.
   • RegKey function parameters with a name beginning with "pe" are pointers to a 32-bit integer. This integer will be the result of registration key validation, and can take on one of two values. A value of 0 indicates that the registration key is not valid, and a value of 1 indicates that the registration key is valid.
   • All RegKey functions are called using the Windows "STDCALL" calling convention. This is the same calling convention used by all Windows API functions (e.g. MessageBox). In this calling convention, arguments are pushed onto the stack in righ to left order. The called function pops these parameters off the stack before returning. All arguments are passed by value other than those that are described above as being "pointers" (which are passed by reference).
   • The functions in the RegKey DLL are exported by name. The DLL contains both "decorated" and "undecorated" exports for each function. The undecorded version exports the function by the same name used in this manual. The decorated version prepends and underscore ( _ ) to the function name, and appends an at symbol ( @ ) followed by the total number of bytes that are pushed onto the stack to pass parameters to the function. It is also possible to call the functions in the RegKey DLL by "ordinal value". The RegKey functions are assigned ordinal values beginning at 0, in the order in which the functions are listed in the function reference section.

There are two options for using RegKey on platforms other than Windows 95/98/NT. As described in the introduction, RegKey 3.1 is available for use in 16-bit Windows and DOS programs. For other platforms, such as Macintosh or Linux/UNIX, you can use RegKey by building it from the C source code on the target platform. The RegKey source code is designed to be easily portable to other platforms by any C programmer with experience on the platform/OS in question.

PART 4: ABOUT YOUR EVALUATION COPY AND REGISTERING

THE DEMO VERSION & BENEFITS OF REGISTERING

RegKey is distributed on a try-before-you-buy basis. If you wish to continue using RegKey after an initial one month evaluation period, or if you wish to distribute programs using RegKey, you must pay to register it.

The complete RegKey package is freely distributed, and can be freely used for evaluation purposes. All the features and capabilities of RegKey are enabled in the RegKey package that you have. However, prior to registering, you may only use RegKey under the following conditions:

1. RegKey may only be used for a period up to one month, and only for evaluation purposes prior to registering.
2. Programs using an unregistered copy of RegKey may not be distributed.

Also, when unregistered, RegKey will display a message to the user indicating that RegKey is not registered. This message is, of course, removed when RegKey is registered.

If you decided to purchase RegKey, you will become the owner of a powerful tool for adding registration key capabilities to your software. Registered owners of RegKey are entitled to:

1. Unlimited use of RegKey. You may write as many programs as you wish using RegKey, and do what you please with these programs. There are no additional royalty fees for using RegKey.
2. You will also continue to be registered for all future versions of RegKey for all programming languages.

The best news of all is the low price of RegKey. This version of RegKey costs only $36 Canadian Dollars, $24 U.S. Dollars, or the equivalent in your country's currency. As was pointed out before, if you are using RegKey to encourage people to pay for your software, RegKey will quickly pay for itself! (This price will probably go up for future versions. By registering now, you will save by being able to use all future versions free of charge.)

Many people also elect to receive the RegKey source code package. The source code for RegKey is available to registered owners for only an additional $36 Canadian / $24 U.S. / equivalent. With the RegKey source code, you will be able to customize it for your own purposes, port it to other operating systems or programming languages, learn about how RegKey works, or increase the security of RegKey by adding your own anti-hacking mechanisms.

HOW TO ORDER

To order your RegKey registration and/or source code package by cash or cheque, simply fill out the order form, and mail it along with your cheque or money order to the address listed on the order form. To order by credit card see the second on credit card orders.

The following sections are intended to answer any questions that you may have about ordering RegKey. If you have any additional questions or uncertainties about your registration, please feel more than free to contact me.

• More information on filling out the order form.
• More information on sending your order fee.
• More information about ordering by credit card.
• More information on ordering the source code.

ORDERING BY CREDIT CARD

This information applies to CREDIT CARD ORDERS ONLY. Please read this entire section before ordering RegKey by credit card.

In order to cover the additional costs of processing credit card orders, a $7 shipping and handling fee applies to all RegKey orders made through PsL. All prices will be charged to your credit card in U.S. Dollars. As such, the total prices you will pay are:

• Just registration ($24 + $7 Handling) = $31 U.S.
• Registration and Source Code ($48 + $7 Handling) = $55 U.S.

You can order RegKey with MC, Visa, Amex, or Discover from Public (software) Library by calling 800-2424-PsL or 713-524-6394 or by FAX to 713-524-6398 or by CIS Email to 71355,470. You can also order online through the World Wide Web.

You can also mail credit card orders to PsL at P.O. Box 35705, Houston, TX 77235-5705. When ordering by phone, you must call between 6:00am and 6:00pm CST on Monday to Thursday, or between 6:00am and 12:30pm on Fridays.

THE ABOVE NUMBERS ARE FOR CREDIT CARD ORDERS ONLY. THE AUTHOR OF THIS PROGRAM CANNOT BE REACHED AT THESE NUMBERS.

Any questions about the status of the shipment of the order, refunds, registration options, product details, technical support, volume discounts, dealer pricing, site licenses, non-credit card orders, etc., must be directed to:

Brian Pirie, pirie@msn.com

To insure that you get the latest version, PsL will notify me the day of your order and I will ship RegKey directly to you. I will send RegKey by conventional mail unless I have previously heard from you, asking me to send your order by some other means.

When ordering by credit card through PsL, please be sure to indicate whether you wish to order just the RegKey registration, or both the registration and source code. Also, please be sure to include your credit card billing address. Without this information, PsL will be unable to process your order.

FILLING OUT THE REGISTRATION FORM

If you have printed the RegKey manual, you can simply remove and mail the forms below. If you have not already printed a copy of the manual, and you have a printer, you can quickly print these forms by printing the ORDER.TXT file included in the RegKey package.

If you do not have a printer, simply send a handwritten version of the order form.

If you have any special instructions for me, or anything that you would like to say when you register, feel free to write this on the back of the registration form, or on a separate sheet of paper.

When filling out the RegKey registration form, be sure to indicate how you would prefer to receive your RegKey registration key and/or source code. The following options are available:

• By conventional mail
• By Internet E-Mail
• By fax (registration key only)

Once you have decided which means you would prefer to receive your order by, please read the detailed instructions on your order method, below. Also, if you are ordering the source code, please be sure to read the section on ordering the source code.

• Receiving your order by conventional mail

  To receive your RegKey registration key and/or source code by conventional mail, simply fill out the order form and mail it along with your payment as described below. If you are ordering the source code, it will be sent to you on a 3-1/2 inch disk.

• Receiving your order by Internet e-mail

  If you wish to receive your RegKey registration key by Internet e-mail, fill out the order form and mail it along with your payment as described below. Be sure to include your e-mail address on your order form.

• Receiving your order by fax

  To receive your registration key by fax, fill out the order form and mail it along with your payment as described below. Source code orders obviously cannot be sent by this means.

SENDING YOUR REGISTRATION FEE

The price of RegKey is 36 Canadian Dollars, 24 U.S. Dollars, or equivalent for the registration. The source code costs an additional 36 Canadian Dollars, 24 U.S. Dollars, or equivalent. For your convenience, the equivalent value in a number of other country's currencies (at the time of this writing) is listed below:

This order fee may be paid using any of the following methods:

• Cheque or Money Order in Canadian currency, drawn upon a Canadian bank. In this case, your order fee will be either $36CDN for just the registration, or $72CDN for both the registration and source code.

• Cheque or Money Order in U.S. currency, drawn upon a U.S. bank. In this case, your order fee will be either $24US for just the registration, or $48US for both the registration and source code.

• An International Money Order or International Bank Draft (available from your bank, post office or organization such as American Express), in Canadian currency. Depending on the particular case, your order fee may be sent to me by the postal service, and you will mail your order form by itself. You should have the money order drawn in either $36CDN for just the registration, or $72CDN for both the registration and source code.

• A cheque drawn on any bank in the world, in that country's currency, equivalent to $36 Canadian dollars for just the registration or $72 for both the registration and source code. For instance, a cheque for the appropriate number of British Pounds, drawn on a British bank, is perfectly acceptable. However, I am unable to accept a cheque for $36 Canadian dollars, drawn on a British Bank. Please Note: I cannot accept Eurocheques, as Canadian banks refuse to cash these.

• Cash. Cash orders are also accepted, but it is your responsibility to get that cash to me safely. Please note that it is not usually recommended that cash be sent in the mail, and that I cannot be responsible for any cash lost in the mail.

  I would like to mention that many people have already ordered RegKey by sending cash, and I have yet to run across any case of cash being lost in the mail. Nonetheless, if you wish to send cash, you may wish to consider doing so by registered mail, for your added security.

If you are ordering RegKey from within Canada, you will most likely choose the first option (a Canadian cheque or money order). If you are ordering RegKey from within the United States, you will most likely choose the second option (an American cheque or money order). If you are ordering from outside Canada and the U.S., it would be ideal if you could send your fee by an international money order. However, any of the above order methods will be acceptable from any location. Also, it is quite possible that I may be able to accept other means of sending your order fee. If you are unsure about sending your order fee, please feel free to get in touch with me.

ORDERING THE SOURCE CODE

Many people who register RegKey also choose to order the source code package. With the RegKey source code, you will be able to customize it for your own purposes, port it to other operating systems or programming languages, learn about how RegKey works, or increase the security of RegKey by adding your own "anti-hacking" mechanisms.

As mentioned before, the RegKey source code may be ordered for an additional $36 Canadian Dollars, $24 U.S. Dollars, or the equivalent in your country's currency. The source code may be ordered either at the same time you register RegKey, or separately. If you wish to order the RegKey source code, simply check the appropriate box on the order form, and include the additional fee for ordering the source code. When you order the RegKey source code, you will receive it either on a diskette, or electronically, depending upon how you chose to receive your order.

Also, as with your RegKey registration, when you order the RegKey source code, you are entitled to receive all future versions of the source code. Whenever you wish to receive an updated version of the source code package, you can request that I send it by email, or send $3 dollars to cover the cost of postage and a diskette to my address.

The core of RegKey is written in ANSI-compliant C, and is designed to be easily ported to other platforms or operating systems. In addition to the C source code for RegKey, you will receive optimized 80x86 assembly language source code for some of the RegKey routines. Since the equivalent C source code is included for all assembly language routines, use of the assembly language source code is optional. However, the assembly language routines provide dramatically improved performance.

The RegKey source code package also includes the source code for the KeyGen registration key generation utility. The core KeyGen functionality is written in ANSI-compliant C, and the user interface is written in C++ using MFC.

For information on what you are permitted to do with the RegKey source code, see the terms and conditions section.

ORDER FORM

--------------------------------------------------------------------------
                           REGKEY 3.20 ORDER FORM
--------------------------------------------------------------------------
	
      COMPANY NAME : _______________________________   (IF APPLICABLE)

         YOUR NAME : _______________________________

    POSTAL ADDRESS : ______________________________________________________

                     ______________________________________________________

                     ______________________________________________________

   EMAIL ADDRESSES : ____________________________________   (IF APPLICABLE)

                                ___
I WISH TO RECEIVE MY ORDER BY: |   | - INTERNET E-MAIL (FASTEST)
                               |___|
                                ___
                               |   | - CONVENTIONAL MAIL
                               |___|
                                ___
                               |   | - FAX TO FAX #: ______________________
                               |___|

                        ___
I WOULD LIKE TO ORDER: |   | - BOTH REGISTRATION KEY AND SOURCE CODE
                       |___|   ($48 US, $72 CANADIAN, OR EQUIVALENT FUNDS)
                        ___
                       |   | - JUST MY REGISTRATION KEY
                       |___|   ($24 US, $36 CANADIAN, OR EQUIVALENT FUNDS)
                        ___
                       |   | - UPGRADE TO SOURCE CODE (ONLY IF ALREADY
                       |___|   REGISTERED) ($24 US, $36 CANADIAN OR EQUIV.)


I AGREE TO THE REGISTRATION TERMS,             ____________________________
SET FORTH IN THE REKGEY 3.2 MANUAL             (SIGNATURE)

MAKE CHEQUES PAYABLE TO:    BRIAN PIRIE
                            13 WHITE BIRCH DRIVE
                            R.R. #5
                            KEMPTVILLE ON  K0G 1J0
                            CANADA

+-- OFFICIAL USE ONLY ----------------------------------------------------+
|                                                                         |
| S.N. : _____________  SENT : _________________________________________  |
+-------------------------------------------------------------------------+

















--------------------------------------------------------------------------
                      REGKEY 3.20 USER FEEDBACK FORM
--------------------------------------------------------------------------

         YOUR NAME : _______________________________

    POSTAL ADDRESS : ______________________________________________________

                     ______________________________________________________

VOICE PHONE NUMBER : ______________________

   EMAIL ADDRESSES : ____________________________________   (IF APPLICABLE)


HOW DID YOU FIRST LEARN OF OR RECEIVE REGKEY?

             ____________________________________________________________


WHICH LANGUAGE / COMPILER AND VERSION ARE YOU USING?  (EG. VISUAL C++ 4.20)

             ____________________________________________________________


WHAT DO YOU LIKE MOST ABOUT REGKEY?

             ____________________________________________________________

             ____________________________________________________________

             ____________________________________________________________


WHAT CHANGES OR ADDITIONS WOULD YOU LIKE TO SEE IN FUTURE VERSIONS?

             ____________________________________________________________

             ____________________________________________________________

             ____________________________________________________________


DO YOU HAVE ANY ADDITIONAL COMMENTS?

             ____________________________________________________________

             ____________________________________________________________

TERMS OF REGISTRATION AND SOURCE CODE USE

When you purchase a RegKey registration and/or source code package, you are entitled to almost unlimited use of all versions of RegKey. However, in order to protect my investment of time and effort in developing RegKey, you must also agree to the terms outlined below when purchasing a RegKey registration and/or the source code. These terms are very reasonable, and are in no way intended to cripple your use of RegKey. The primary intent of these terms is that you are not permitted to disclose your RegKey registration information, or the RegKey source code, to other individuals. The terms of registration and source code use are as follows:

For the purpose of these terms, "RegKey" is defined to be the library files, header files, example programs and programmer's manual of all versions, present and future, for all languages and platforms, of the RegKey registration key system. Upon registering RegKey, the individual or organization named on the registration form (the registree) is entitled to use of all versions of RegKey, within the terms set forth below. Violation of these terms will be considered copyright infringement, and grounds for the termination of the registration agreement. The registree is entitled, at no additional cost, to use, distribute or sell the executable (.EXE, .DLL, etc.) files that result from using the RegKey toolkit. The registree is also entitled to use, distribute or sell the example programs or portions thereof. If purchasing the source code, the registree is also entitled to distribute any executable files that result from using altered versions of the source code, or portions thereof. The registree is NOT entitled to distribute the registration key number presented to them at registration, except when imbedded in the executable files of a program which uses RegKey. The registree is not permitted to distribute any portion of the RegKey source code. For the purposes of these terms, an organization is considered to be a company or non-profit organization. If the registree is an organization, the registration key and source code may be shared among members of the organization, under the condition that these individuals are using the registration and/or source code only for official activities of that organization.

These terms in no way suggest an agreement on the part of Brian Pirie to develop any future versions of RegKey, or fix any problems in current versions of RegKey. RegKey is offered "as is", and no warrantees are expressed or implied. In no event shall Brian Pirie be liable for any loss of profit or any other damage, including but not limited to special, incidental, consequential or other damages. This means that it is solely the registree's responsibility to determine the suitability of RegKey for the registree's application(s). This also means that no guarantees are made concerning the portability or compatibility of the RegKey system.

PART 5: ADDITIONAL INFORMATION

GETTING HELP

If you have any questions about RegKey, would like help with a program that your are writing, or have any suggestions for future versions of RegKey, please feel free to get in touch with me.

If you are having difficulties with RegKey, the more detailed information you supply (such as source code to the program that is causing the problem, how to duplicate the problem, etc.), the more quickly I will be able to determine the cause of your problem.

If you would like to receive the most recent copy of RegKey, you can request that I send it to you by email, or send three dollars ($3) to cover the cost of postage and a diskette to the address listed below.

There is also an index web page with links to the latest version of RegKey and other RegKey information at http://www.ncf.carleton.ca/~aa522/software.html.

You can get in touch with me by any of the following means:

• By conventional mail. My postal address is:

Brian Pirie
13 White Birch Drive
R.R. #5
Kemptville, ON K0G 1J0
Canada

• By electronic mail. My Internet e-mail address is:

pirie@msn.com

I try to respond to all correspondences as soon as possible. However, it is possible that it may take longer to reply to your message, particularly if you are asking a question that requires time for me to get an answer, or if I happen to be away for a few days.

CONTENTS OF THIS PACKAGE

The following files are included in the RegKey package:

GLOSSARY

This section describes a number of terms, as they are used in this document.

API

API is an acronym for "Application Program Interface" or "Application Programmer Interface". An API is a well-defined set of related functions or procedures that can be called from an application program written in a programming language such as C, C++, Pascal or BASIC. These functions are used to access a specific feature or set of features from within your program. The RegKey API consists of five functions (RegKeyNewCodeSet, RegKeyGenerate, RegKeyValidate, RegKeyFileGenerate and RegKeyFileValidate) which you can use to add registration key capabilities to your programs. Another example of an APIs is the Microsoft Windows API, which provide Windows programs with access to screen display, printing and other features which are managed by Windows.

BRAND

As an alternative to using registration keys, each copy of a particular application can be "branded" with a particular user's name. In this case, the application's executable file(s) contains the name of the one user who is licensed to use that copy of the software, and that name is usually displayed at program startup. Branding is commonly used in commercial software to discourage illegal copying of the software, as the guilty user's name will appear on every illegal copy. This disadvantage of this approach is that it requires the author or company selling the software to produce a unique copy of the program for each user.

CODE SET

RegKey uses the term "code set" to refer to a set comprising a "generation code" and a corresponding "validation code". For each application (or each version of the application) using RegKey that requires unique registration keys, the application developer(s) generate a unique "code set" using the utilities included in the RegKey package. The secret "generation code" is required to create the unique registration keys for a particular application. The "validation code" is used within the application itself to test a registration key provided by the user.

FILE-BASED REGISTRATION KEYS

RegKey supports two types of registration keys - file-base and user-entered. With file-based registration keys, both the registration string (e.g. the user's name) and the corresponding registration key code are stored in a registration key file. When a user becomes registered, they receive a small registration key file that is installed in the program's working directory. When a valid registration key file is present, the program will operate in registered mode.

GENERATION CODE

RegKey uses the term "generation code" to refer to the numerical key that is used to generate registration keys for a particular application using RegKey. For each different generation code, different registration keys are generated for the same registration string. Without knowing the generation code used by your application, it is infeasible for anyone else to generate registration keys that will work with your application. For this reason, you should take great care to keep your application's generation code a secret. You can use the KeyGen utility included with RegKey to create a new generation code. When a generation code is created, a corresponding "validation code" is also created. It is this validation code that is passed to RegKey by your application when testing the validity of a registration key. It is not usually important to keep the validation code a secret, as knowing it only allows someone to determine whether or not a particular registration key / registration string combination is valid for your application.

INFEASIBLE

The term "infeasible" is used in software protection to describe something that is very difficult - though not impossible - to achieve. For instance, even if someone were able to test one million registration keys per second, it would still take many centuries to discover a RegKey registration key by a trial-and-error method. Since so much time would be required to discover a RegKey registration key by this method, it is said to be infeasible to "guess" a correct registration key.

REGISTERED MODE

Programs that use registration key systems may operate in either "registered" or "unregistered" mode. In "unregistered" or "demonstration" mode, the software may have certain features disabled, may only operate for a limited period of time, or may display a "please register" message during program operation. When the user pays for the software, they receive a registration key corresponding to their name or other personal information. When this registration key is presented to the application, it will then operate in "registered" mode, eliminating any "unregistered" messages and possibly enabling additional features.

REGISTRATION KEY

For each user who pays for your software, you use RegKey to generate a unique registration key, based on the information of the registration string (usually the user's name). The resulting registration key is a 96-bit number that is (in all probability) unique for each user that registers your application. This registration key may either be entered into your application by the user, or may be stored in a "registration key file" that is given to the user upon registration. Your application can then use RegKey to determine whether or not the registration key is valid, thus determining whether or not it should operate in "registered mode". RegKey represents the registration key as a 20 digit base 32 number. The registration key returned to you when generating registration keys, and the key presented to RegKey by your application, is represented as a 20 character string of numerals and uppercase letters. Hence, AB7EWBR24LZTUFEY2PLF might be a typical RegKey registration key.

REGISTRATION KEY FILE

When file-based registration keys are used, both the registration string (usually the user's name) and the registration key code are stored in a small registration key file. This file usually has a .KEY filename extension.

REGISTRATION STRING

A unique registration string is associated with each user who registers your software. This registration string is usually just the user or organization's name, but it may also include additional information, such as the registered version or registration expiry date. In any case, the registration string usually consists of information that the user knows prior to registering. When the user pays for your software, you use RegKey to generate a registration key that corresponds to the registration string. When the registration string is presented to your application in conjunction with the registration key, it can use RegKey to test the validity of the registration string / registration key combination, in order to determine whether or not to operate in "registered mode".

SHAREWARE

A method of marketing computer software, where the author encourages the free distribution of the software. This allows potential users of the software to "test-drive" the application before buying it. In the shareware approach to software marketing, the user is usually required to either stop using the software after a three to four week trial period, or pay to "register" the software with the author.

SOFTWARE PROTECTION

The term "software protection" is used to describe any mechanism or scheme that is used to prevent or discourage illegal or unauthorized use of computer software. Approaches to software protection include "copy-protection" schemes which attempt to prevent a duplicate copy of the software from being produced, "hardware-key" mechanisms which require a particular hardware device (which is sold with the software) to be present in order to use the software, and "registration-key" mechanisms such as is provided by RegKey.

USER-ENTERED REGISTRATION KEYS

RegKey supports two types of registration keys - file-base and user-entered. With user-entered registration keys, the user manually enters registration string (e.g. the user's name) and the corresponding registration key code into the application or configuration program when they first register. When a valid registration key has been entered for the entered registration string, the program will operate in registered mode.

UNREGISTERED MODE

See "Registered Mode".

VALIDATION CODE

RegKey uses the term "validation code" to refer to the numerical key that is used to test the validity of a registration key / registration string combination, during your application's execution. Your application should pass its unique validation code to RegKey when it wishes to test a registration key. You can use the KeyGen utility included with RegKey to create a new validation code / generation code set for a new application (or version). Unlike the generation code that should be kept confidential, it is not usually important to keep the validation code a secret. This is because knowing the validation code only allows someone to determine whether or not a particular registration key /registration string combination is valid for your application. Knowing the validation code does not enable someone to generate false registration keys for your application.