I would recommend: Don't spend too much time on securing your keys. With byte compiled languages it is very easy to decompile and just make the application skip the validation step. No matter how secure your keys are, they don't matter when your validation function always return true. Serial keys are there to keep honest people honest.