Post-Quantum Cryptography: Future-Proofing Your Software Licenses

Quantum computers pose a fundamental challenge to IT security. In the long term, they threaten the commonly used asymmetric encryption methods such as RSA and ECC. To ensure that the licensing and protection of your software remain secure in the future, Wibu-Systems is working closely with technology partners like Infineon on a smooth, compatible, and crypto-agile transition to post-quantum-capable methods.

Why Quantum Computers Pose a Risk

The asymmetric algorithms used today, such as RSA or ECC, are the cornerstone for signatures, authentication, and license management. However, once powerful quantum computers become available, private keys could be derived from existing public keys. At that point, entire authorization systems would be compromised, as attackers would be able to generate counterfeit but formally valid licenses. The exact timeline of this transformation remains uncertain. But one thing is clear: anyone who begins the migration too late will face the consequences.

Crypto-Agility as a Strategic Principle

The international research community is working intensively on quantum-resistant methods. However, whether today’s front runners will prevail in the long run cannot be predicted with certainty. Systems therefore need to be crypto-agile, meaning they must have the ability to replace cryptographic algorithms during ongoing operation. Only then can new methods be integrated quickly and seamlessly in the future. As an additional safeguard, classical and quantum-resistant methods will be used in combination. Only if both were to bebroken simultaneously could the protected secrets be compromised.

New Libraries and Hardware

Post-quantum cryptography introduces new mathematical methods that require specialized libraries. For CmDongles, this also means that a new chip generation is necessary. In close collaboration with Infineon, the longstanding supplier of current CodeMeter chips, starting in 2027, Wibu-Systems will receive new hardware with certified libraries for postquantum algorithms. Building on this foundation, Wibu-Systems will continue to develop its own firmware that provides the specific CodeMeter functions and can be updated in the field. This ensures that newly certified algorithms can be retrofitted in the future – a decisive factor for crypto-agility.

Implications for Licensing and CodeMeter

Issuing, transferring, and managing licenses with the Universal Firm Code is based on asymmetric cryptography. This makes these mechanisms equally vulnerable to the threats posed by future quantum computers and in need of timely replacement with post-quantum methods. All types of CmContainers are affected – CmDongles, CmActLicenses, and CmCloudContainers – along with every level of the CodeMeter ecosystem, from CodeMeter Embedded to the license server and all the way up to CodeMeter License Central. Instead of a sudden cutover, the transition will unfold gradually over several years. In this process, Wibu-Systems is redeveloping parts of CodeMeter, creating the framework for even greater efficiency, reliability, and performance.

Authenticated API as a Security Anchor

Another central element of the new architecture will be an authenticated API that ensures secure, end-to-end communication from the application to the CmContainer. The basis will be standardized algorithms that provide effective protection against eavesdropping and manipulation of transmitted secrets. To make use of this API, all participating components must support the new cryptographic standard. This includes re-encrypting the application with the current version of CodeMeter Protection Suite, as well as updating the license server and the licenses stored in the CmContainer.

Smooth Migration with Full Compatibility

The transition into the future CodeMeter universe will be seamless. Applications delivered today will remain compatible with future licenses already secured by post-quantum mechanisms. CmCloudContainers will be extended for compatibility by Wibu-Systems, and CmActLicenses can be migrated via CodeMeter License Central or the high-level programming API. For end users, this change will be largely invisible. As a software vendor, however, you will need to familiarize yourself with the new capabilities and, for example, decide when switching to the authenticated API makes sense.

No need to worry: Your existing applications and licenses will remain fully compatible in the future. Wibu-Systems is already working intensively to make post-quantum mechanisms and new security features available on time. Compatibility will be preserved – even older applications will still work with new PQC-secured licenses. At the same time, existing licenses will benefit from improvements in performance and security that also extend to current systems. The migration will happen automatically, ensuring the transition is as smooth and effortless as possible. With post-quantum cryptography, cryptoagility, and a new authenticated API, the entire system will be more resilient against attacks.

 

KEYnote 50 - Edition Fall/Winter 2025