I've been looking at this all day. I probably should have walked away from it hours ago; I might be missing something obvious at this point.
Short version: Is there a way to generate and boil down an asymmetrically encrypted hash to a reasonable number of unambiguous, human readable characters?
Long version:
I want to generate license keys for my software. I would like these keys to be of a reasonable length (25-36 characters) and easily read and entered by a human (so avoid ambiguous characters like the number 0 and the capital letter O).
Finally--and this seems to be the kicker--I'd really like to use asymmetric encryption to make it more difficult to generate new keys.
I've got the general approach: concatenate my information (user name, product version, a salt) into a string and generate a SHA1() hash from that, then encrypt the hash with my private key. On the client, build the SHA1() hash from the same information, then decrypt the license with the public key and see if I've got a match.
Since this is a Mac app, I looked at AquaticPrime, but that generates a relatively large license file rather than a string. I can work with that if I must, but as a user I really like the convenience of a license key that I can read and print.
I also looked at CocoaFob which does generate a key, but it is so long that I'd want to deliver it as a file anyway.
I fooled around with OpenSSL for a while but couldn't come up with anything of a reasonable length.
So...am I missing something obvious here? Is there a way to generate and boil down an asymmetrically encrypted hash to a reasonable number of unambiguous, human readable characters?
I'm open to buying a solution. But I work on a number of different of platforms, so I'd want something portable. Everything I've looked at so far has been platform specific.
Many, many thanks for a solution!
PS - Yes, I know it will still be cracked. I'm trying to come up with something reasonable that, as a user, I would still find friendly.