WinRAR uses an ECC-based signature algorithm to generate rarreg.key. The algorithm it uses is a variant of the Chinese SM2 digital signature algorithm. Unlike many standard ECDSAs, the curve that WinRAR selected is a curve over composite field .
Elements in ground field are represented with standard basis, i.e. polynomial basis. The irreducible polynomial is
where each coefficient is in . If we use
as the standard basis of the ground field, an element in can be denoted as
The irreducible polynomial of composite field is
where each coefficient is in . If we use
as the standard basis of the composite field, an element in can be denoted as
For clarity, we use , which is a 255-bit integer, to denote an element in . The map between them is
The equation of the elliptic curve that WinRAR uses is
We use
to denote a message whose length is . So the SHA1 value of should be
where are the 5 state values when SHA1 outputs. Generally speaking, the final SHA1 value should be the concatenation of these 5 state values, with each state value serialized in big-endian.
However, WinRAR doesn't serialize the 5 state values. Instead, it uses a big integer as the hash of the input message.
We use to denote the private key and to denote the public key. So there must be
If we use to denote the hash of input data, WinRAR uses the following algorithm to perform signing:
We use
to denote input data whose length is . WinRAR uses it to generate private key .
-
If , we calculate SHA1 value of . Then assign SHA1 state value to :
-
Regard as a counter and increment it by 1.
Calculate SHA1:
-
Repeat step 4 again 14 times.
This private key is generated by the algorithm described in section 5 where the length of data is zero.
The generation of license file rarreg.key requires 2 arguments:
- Username, an ANSI-encoded string, without null-terminator. Denoted as
- License type, an ANSI-encoded string, without null-terminator. Denoted as
The following is the algorithm to generate rarreg.key.
- Use the algorithm described in section 5, with argument , to generate private key and public key . Then output the hex-encoded public key string in SM2 compressed public key format. The hex-encoded public key is denoted as .
  The length of should be 64. If less, pad with '0' until the length is 64.
- Use the algorithm described in section 5, with argument , to generate private key and public key . Then output the hex-encoded public key string in SM2 compressed public key format. The hex-encoded public key is denoted as .
  The length of should be 64. If less, pad with '0' until the length is 64.
- Use the algorithm described in section 4, with argument and the private key described in section 6, to get signature .
  The bit length of and shall not be more than 240. Otherwise, repeat this step.
- Convert and to hex-integer strings and , without the "0x" prefix. If the length of or is less than 60, pad with character '0' until the length is 60.
- Use the algorithm described in section 4, with argument and the private key described in section 6, to get signature .
  The bit length of and shall not be more than 240. Otherwise, repeat this step.
- Convert and to hex-integer strings and , without the "0x" prefix. If the length of or is less than 60, pad with character '0' until the length is 60.
- Calculate the CRC32 value of
  The final checksum is the complement of the CRC32 value.
  Then convert the checksum to decimal string . If the length is less than 10, pad with character '0' until the length is 10.
- Output with format