I use a system like this:

• create a string from windows licence key + trial period end date

• generate a hash (Sha/md5) from the string

• convert the trial end date to an int (e.g. Number of days)

• the key becomes trial end date + some part of the hash

• convert the key to only uppercase characters to make it easier to enter

ABCD-DEFG-HIJK...

the validation works like

• convert key to bytes again

• extract trial end date

• create string from windows licence key + trial end date

• hash

• compare hash with rest of key

this makes it difficult enough for my audience.

In all honesty, what you're trying to do is pointless. However much time it takes you to write a validation/encryption/key system, estimate roughly half that for someone to break it. Even if you encrypt the final executable. However, as a delaying measure or a way to decrease the chance of people getting premium support for stolen copies, it will help. Also for simple tracking of buyers. Or for fun. :p

Anyway, there are a few ways you can handle it. A lot of software uses name (and possibly company) string(s) and a hash function to generate a key. This has the advantage of being constant (as long as the name is the same, the hash is, and so the key is). It is also a very simple system, especially if you use a well-known hash such as MD5.

hash = md5(name);

Some fancier apps use an internal function to generate a validation code of some sort, and when you combine that and the given name, you can create (and send back) a hash.

validCode = getCode(name);
hash = myHash(name ^ validCode);

A few use a system-based code (Windows is a good example), where it samples bits of hardware and builds an identifier from that. If you can get ahold of the processor name or speed, or anything else, you can run something like that. The only problem is system changes can render a code invalid, so you can either warn your users (and give away part of the process) or let them find out accidentally (not good).

sysID = processor_name() | ram_Speed();
hash = md5(sysID & name);

You can use any combination of hash functions, data gets, string inputs, boolean operations, etc. One thing to consider is you don't need to be able to reverse the process. As long as you can replicate it with the same results (any good hash function can), you can check the hashed results against each other and make sure it's valid. The more you put in, the more complicated it'll be, but the harder it'll be to crack.

Hopefully that helps with your question.

The answer is that no, there isn't a secure license key algorithm that doesn't require a mathematical diploma to understand.

The best license keys are the ones digitally signed with an asymmetric encryption algorithm. You sign the key data with a private encryption key and embed the signature in the key, and the key validation (which implies signature verification among other things) is done with a public key. This way, no one can create license keys unless they have access to the private key which is...private. The problem is that there are very few (and difficult) algorithms which have sufficiently short signature sizes to be embedded in a product key. RSA is not one of them (signature size for RSA512 is 1024 bits - too much).

You can check out SoftActivate Licensing SDK it uses elliptic curve cryptography to generate short, digitally signed license keys (C++/C# source code is available).

In matters of security, not reusing a well known and tested algorithm and trying to create your own (lacking mathematical knowledge) is suicidal

Disclosure: I completely lack the mathematical degree to create such algorithm, and being frank, I don't personally know anyone who has it

Since any algorithm you make is going to get broken i would do something simple like this:

const string secretMumboJumbo = "sdfkldafskjlfajmkldsfjaewumaskldfladkkldsfklj"

//For you to generate keys
string GenerateLicenceKey(int idNr)
{
    return Sha1Hmac(key=secretMumboJumbo, messageToEncode=idNr)
}

//For clients to check if key is valid, 
bool IsKeyValid(string key)
{
   for(int i=0;i<maxNrOfLicenceKeys;i++)
      if(key == GenerateLicenceKey(i))
         return true;
   return false;
}

Maybe the checking could become too slow because it has to try every possible key but that could also be a good thing to avoid brute forcing.

Most frameworks should have an HMAC-function for SHA1 or some other hash function. Worse case you could replace this with md5(key+id)

Don't take this algorithm too seriously, it's just an example and it can probably be broken very easily as the generation-key has to be included in the client, even though it's hidden in the binary somewhere.

License keys are fairly useless in my honest opinion.
What's to stop your customer from distributing that key to others? Sure you could setup a license key server that records the number of activations but that costs money and what will happen if it goes down or goes away?

In my professional opinion, create a software that is branded uniquely to a user (encrypted inside the program of course). For example, if you goto help -> about of the software then display the person's name, phone, and possibly their address. This way if they upload it to a pirate site of some kind, not only will other people know this guys personal information...but so will you in order to charge him for more licenses or sue him.