Any server keys generated starting today for the Cfx.re platform will have a more defined format, in line with a trend across other services, such as GitHub.
The new format looks a bit like
cfxk_1kDPPvLBZmXOUehqU7utw_4PGjtG, as opposed to the old format which looked like
To be precise, the format is as follows:
$bytes = /* random bytes */; $token = sprintf('cfxk_%s', $base62->encode($bytes)); return sprintf('%s_%s', $token, $base62->encode(hash('crc32b', $token, true)));
It should be noted that this means anonymizing the suffix will still lead to a valid key being able to be derived, and therefore you should still avoid sharing any part of your key.
The new key format makes it more clear to tell an arbitrary string is a Cfx.re license key, and not any other random string. This can be used by auditing tools to prevent keys from being exposed to the public.
No action is required for this change. Optionally, you can re-generate keys for any existing server registrations in case you want to benefit from potential security improvements with the new key format via the ‘Regenerate’ button in the key service.
We are not intending to deprecate old keys now or in the near future.