WinRAR uses an ECC-based signature algorithm to generate rarreg.key
. The algorithm it used is a varient of Chinese SM2 digital signature algorithm. Different to many standard ECDSAs, the curve that WinRAR selected is a curve over composite field .
Elements in ground field are represented with standard basis, i.e. polynomial basis. The irreducible polynomial is
where each coefficients is in . If we use
as the standard basis of the ground field, an element in can be denoted as
The irreducible polynomial of composite field is
where each coefficients is in . If we use
as the standard basis of the composite field, an element in can be denoted as
For clarity, we use , which is a 255-bits-long integer to denote an element in . The map between them is
The equation of the elliptic curve that WinRAR uses is
We use
to denote a message whose length is . So the SHA1 value of should be
where are 5 state values when SHA1 outputs. Generally speaking, the final SHA1 value should be the join of these 5 state values while each of state values is serialized in big-endian.
However, WinRAR doesn't serialize the 5 state values. Instead, it use a big integer as the hash of the input message.
We use to denote private key, to denote public key. So there must be
If we use to denote the hash of input data, WinRAR use the following algorithm to perform signing:
<img src="http://latex.codecogs.com/svg.latex?r%3D%28%28Rnd%20%5Ccdot%20G%29_x+h%29%5C%20%5C%20Mod%5C%20%5C%20n">
where means we take X coordinate of and convert it from to a big integer.
<img src="http://latex.codecogs.com/svg.latex?s%3D%28Rnd-kr%29%5C%20%5C%20Mod%5C%20%5C%20n">
We use
to denote input data whose length is . WinRAR use it to generate private key .
<img src="http://latex.codecogs.com/svg.latex?g_j%3D%5Csum_%7Bi%3D0%7D%5E%7B3%7Dg_%7Bj%2Ci%7D%20%5Ccdot%202%5E%7B8i%7D%20%5Cquad%20%5Cquad%20g_%7Bj%2Ci%7D%5Cin%5B0%2C256%29">
<img src="http://latex.codecogs.com/svg.latex?%5Cbegin%7Baligned%7D%20%5Ctextrm%7BSHA%7D_1%28T%29%26%3DS_0%7C%7CS_1%7C%7CS_2%7C%7CS_3%7C%7CS_4%20%5C%5C%20g_1%26%3DS_0%20%5C%5C%20g_2%26%3DS_1%20%5C%5C%20g_3%26%3DS_2%20%5C%5C%20g_4%26%3DS_3%20%5C%5C%20g_5%26%3DS_4%20%5C%5C%20%5Cend%7Baligned%7D">
<img src="http://latex.codecogs.com/svg.latex?%5Cbegin%7Baligned%7D%20g_1%26%3D%5Ctextrm%7B0xeb3eb781%7D%20%5C%5C%20g_2%26%3D%5Ctextrm%7B0x50265329%7D%20%5C%5C%20g_3%26%3D%5Ctextrm%7B0xdc5ef4a3%7D%20%5C%5C%20g_4%26%3D%5Ctextrm%7B0x6847b9d5%7D%20%5C%5C%20g_5%26%3D%5Ctextrm%7B0xcde43b4c%7D%20%5C%5C%20%5Cend%7Baligned%7D">
Calculate SHA1:
<img src="http://latex.codecogs.com/svg.latex?%5Ctextrm%7BSHA%7D_1%28g_%7B0%2C0%7D%7C%7Cg_%7B0%2C1%7D%7C%7Cg_%7B0%2C2%7D%7C%7Cg_%7B0%2C3%7D%7C%7Cg_%7B1%2C0%7D%7C%7Cg_%7B1%2C1%7D%7C%7C%5Cldots%7C%7Cg_%7B5%2C0%7D%7C%7Cg_%7B5%2C1%7D%7C%7Cg_%7B5%2C2%7D%7C%7Cg_%7B5%2C3%7D%29%3DS_0%7C%7CS_1%7C%7CS_2%7C%7CS_3%7C%7CS_4">
We takes the lowest 16 bits of and donote it as .
<img src="http://latex.codecogs.com/svg.latex?k%3D%5Csum_%7Bi%3D1%7D%5E%7B15%7Dk_i%20%5Ccdot%202%5E%7B16i%7D">
This private key is generated by the algorithm describled in section 5 where the length of data is zero.
The generation of license file rarreg.key
requires 2 arguments:
<img src="http://latex.codecogs.com/svg.latex?U%3Du_0u_1%20%5Cldots%20u_%7Bl-1%7D">
<img src="http://latex.codecogs.com/svg.latex?L%3Dl_0l_1%20%5Cldots%20l_%7Bl-1%7D">
The following is the algorithm to generate rarreg.key
.
The length of should be 64. If less, pad with '0'
until the length is 64.
<img src="http://latex.codecogs.com/svg.latex?Data%5E3%3D%5Ctexttt%7B%2260%22%7D%7C%7CTemp_0%7C%7CTemp_1%7C%7C%5Cldots%7C%7CTemp_%7B47%7D">
The length of should be 64. If less, pad with '0'
until the length is 64.
<img src="http://latex.codecogs.com/svg.latex?UID%3DTemp_%7B48%7D%7C%7CTemp_%7B49%7D%7C%7C%5Cldots%7C%7CTemp_%7B63%7D%7C%7CData%5E0_0%7C%7CData%5E0_1%7C%7CData%5E0_2%7C%7CData%5E0_3">
The bit length of and shall not be more than 240. Otherwise, repeat this step.
If the length of or is less than 60, pad character '0'
until the length is 60.
<img src="http://latex.codecogs.com/svg.latex?Data%5E1%3D%5Ctexttt%7B%2260%22%7D%7C%7CSZ%5E%7Bs_L%7D%7C%7CSZ%5E%7Br_L%7D">
<img src="http://latex.codecogs.com/svg.latex?Temp%3DU%7C%7CData%5E0">
Use the algorithm describled in section 4, with argument and private key describled section 6, to get signature .
The bit length of and shall not be more than 240. Otherwise, repeat this step.
If the length of or is less than 60, pad character '0'
until the length is 60.
Calculate CRC32 value of
The final checksum the complement of CRC32 value.
Then convert the checksum to decimal string . If the length is less than 10, pad character '0'
until the length is 10.
Output with format
A fixed header "RAR registration data"
, taking one line.
Username, taking one line.
License type, taking one line
UID, taking one line, with format:
<img src="http://latex.codecogs.com/svg.latex?%5Ctexttt%7B%22UID%3D%22%7D%7C%7CUID">