by swdev281634 1185 days ago
I usually use something completely different for that use case. Specifically, ECDsaCng class from the standard library, which implements ECDSA asymmetric cryptoalgorithm.

Generate a key pair, embed public key in your executable, keep private key private.

A license is some JSON or XML or whatever, signed with the private key. If your licenses are permanent, and you don't need different license types, a license is just a signature of some computer ID (like hard drive serial), with that private key.

Unlike the older RSA, ECDSA results in very small signatures, even for very strong curves like NIST P-521. These signatures only take a couple of lines in Base64 text format.

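The scheme described above, as an added example that is not the commenter's code (which uses .NET's ECDsaCng): Go's standard library signs a small JSON license carrying a constructed computer ID with a P-521 key, Base64-encodes the signature, and the verifier side holds only the public key. The field names and sample ID are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// License is the signed payload: the machine identifier plus a license type
// (hypothetical field names chosen for this example).
type License struct {
	ComputerID string `json:"computer_id"`
	Edition    string `json:"edition"`
}

// NewVendorKey generates the vendor's P-521 key pair; the private half stays
// with the vendor, the public half is embedded in the shipped executable.
func NewVendorKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
}

// Sign hashes the JSON-encoded license with SHA-512 and signs the digest.
// The ASN.1 signature is Base64-encoded so it fits in a text license file
// (about 190 characters for P-521, the "couple of lines" mentioned above).
func Sign(priv *ecdsa.PrivateKey, l License) (string, error) {
	msg, err := json.Marshal(l) // struct fields give a fixed encoding order
	if err != nil {
		return "", err
	}
	h := sha512.Sum512(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// Verify is the check that ships in the product: it re-derives the digest from
// the presented license and validates the signature with the public key only.
func Verify(pub *ecdsa.PublicKey, l License, sigB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return false // malformed Base64 is treated as an invalid license
	}
	msg, err := json.Marshal(l)
	if err != nil {
		return false
	}
	h := sha512.Sum512(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	priv, _ := NewVendorKey()
	lic := License{ComputerID: "WD-WX11A-CONSTRUCTED", Edition: "pro"} // constructed sample ID
	sig, _ := Sign(priv, lic)
	fmt.Println("signature:", sig)
	fmt.Println("valid:", Verify(&priv.PublicKey, lic, sig))
	lic.ComputerID = "OTHER-MACHINE"
	fmt.Println("tampered:", Verify(&priv.PublicKey, lic, sig))
}
```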

If your licenses are time-limited, you can use regular X.509 certificates to represent a license (where the subject name signed is the computer ID, and the validity period of the certificate is the validity period of the license). You could even run standard X.509 revocation checks in order to enable blocking of illegally shared keys.
You can go a step further and embed a key in the license itself that is used to sign any files the software produces, which would then alert someone if they were created with unlicensed software.

AutoDesk software and quite a few other creative tools do that.

So whilst they are fairly easily cracked, it's quite hard to use that software in a commercial setting.

I know. It's another kind of licensing. I've created a library specifically for activation keys.