The Wibu-Systems’ world also has its secrets and mysteries – like the Firm Security Box or FSB. The idea of the FSB was born alongside the very first WibuKeys back in 1989 and has stayed with us up to the newest versions of CodeMeter.
Any secure license has to be based on cryptography. The standard is for licenses to be signed with their creator’s private key, and the validity of the signature is checked on the user’s side with the fitting public key. However, if the private key ever ends up in the wrong hands, unscrupulous actors would have everything they need to create as many apparently valid licenses as they wish – the worst thinkable outcome. That is why keeping private keys safely locked away is one of the most important jobs for keeping the entire system secure.
Compared to other run-of-the-mill licensing systems, Wibu-Systems does not rely on checking the validity of the license alone. With CodeMeter – and to some extent with its predecessor WibuKey since 1989 – every license is given a secret (license) key that is tucked away and kept safe in the license itself. These keys are needed to decrypt the software. Keys are the same for the same license and different for different licenses. A perfect setup, but it requires a secure anchor to create these license keys, which should be considered just as critical as the private signature keys. On top of the licenses, the software itself could be signed to allow it to check its own authenticity, which is particularly helpful for software packages that include applications and libraries that should be able to verify each other. Again, this needs a private signature key – with all the mentioned concerns about their possible loss.
To encrypt software, the right license key for the right license is needed, which could be got by creating a fitting license already before one starts the encryption. This is a possible, but rather cumbersome approach, so a solution is needed to give software developers a secure environment in which all license keys are available or at least simulated.
And this is where the FSB comes into the picture: It houses the private signature keys and secure anchors for creating licenses and the developer’s own Wibu-Systems licenses.