Are there secure public domain crypto or license management algos? Or are just commercial algos "commercial-grade"?

Question

Are there secure public domain crypto or license management algos?

That is, like a GPL or MIT licensed cryptography algorithm that's as secure or more secure than commercial cryptography?

Or are just commercial algos "commercial-grade"? Because surely, if the algos are demanding to develop, then many people could want to make income out of them.

@fgrieu How do I find information about these algos in such way that I can pick which one to use? I have no experience in crypto, just want to apply a crypto algorithm of some kind to a license management system. — mavavilj, May 23 '18 at 09:30
license keys generally use small elliptic curve digital signatures, which are then formatted into something a user can key into the software — Richie Frame, May 25 '18 at 01:38

score 1 · Answer 1 · answered May 23 '18 at 14:57

All good cryptographic algorithms are public domain. "Commercial" cryptographic algorithms are almost always snake oil.

Now, there is a difference between the algorithm and an implementation of an algorithm.

If the abstract design itself is not in the public domain (let alone standardized), then it's probably not something that you want to use.
A specific implementation of a public domain algorithm is a piece of software and may be licensed in an arbitrary manner.

The standardized algorithms that are in the public domain were designed by competent cryptographers with a proven track record, and the algorithms have been analyzed by the cryptographic community in general. Neither of these points are guaranteed if you are purchasing the rights to use some proprietary algorithm.

Library recommendation

Depending on what you want to do, you probably want to use libsodium. It uses the ISC license, which:

... is functionally equivalent to the simplified BSD and MIT licenses, differing in its removal of language deemed unnecessary following the global adoption of the Berne Convention.

Note that this library offers somewhat generic tools. It does not directly offer functions like generate_license_key and verify_license_key. I'm not aware of a well-known crypto library that does offer such functions out of the box.

Note: I'm not aware of does not mean there does not exist — Ella Rose, May 23 '18 at 15:03
@mavavilj What about it? It does not appear to offer anything more helpful than libsodium does in regards to a licensing scheme, and it comes with a more restrictive license. — Ella Rose, May 23 '18 at 16:31

Are there secure public domain crypto or license management algos? Or are just commercial algos "commercial-grade"?

1 Answers1

Library recommendation