
How can I secure an "enabled functions" license file for my program?

Tags: c#, encryption
My Application can perform 5 business functions. I now have a requirement to build this into the licensing model for the application.

My idea is to ship a "keyfile" with the application. The file should contain some encrypted data about which functions are enabled in the application and which are not. I want it semi hack proof too, so that not just any idiot can figure out the logic and "crack" it.

The decrypted version of this file should contain for example:

   BUSINESS FUNCTION 1 = ENABLED
   BUSINESS FUNCTION 2 = DISABLED.... etc

Please can you give me some ideas on how to do this?

JL. asked Sep 25 '09 11:09


2 Answers

While it could definitely be done using Rijndael, you could also try an asymmetric approach to the problem. Require the application to decrypt the small settings file on start up using a public key and only send them new configuration files encrypted using the private key.

Depending on the size of your configuration file, this will cause a performance hit on startup compared to the Rijndael algorithm, but even if the client decompiles the program and gets your public key it's not going to matter in regards to the config file since they won't have the private key to make a new one.

Of course none of this considers the especially rogue client who decompiles your program and removes all the checking whatsoever ... but chances are this client won't pay for your product no matter what you do thus putting you in a position of diminishing returns and a whole new question altogether.

Streklin answered Sep 21 '22 09:09


Probably the easiest secure solution is to actually use online activation of the product. The client would install your product, enter his key (or other purchase identification -- if you purchase online this could all be integrated, if you are selling a box, the key is more convenient).

You then use this identification to determine what features are available and send back an encrypted "keyfile" (as you term it), but also a custom key (it can be randomly generated, both the key and key file would be stored on your server -- associated with that identification).

You then need to make sure the key file doesn't work on other computers; you can do this by having the computer send back its machine ID and use that as added salt.

Adam Luter answered Sep 22 '22 09:09
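
The scheme from the two answers above, as an added example that is not part of either answer: in .NET, producing the file with the private key and checking it with the shipped public key is a digital signature (`SignData`/`VerifyData`), and the machine ID is part of the signed text so a copied file is rejected. The file layout, the `LicenseFile` class and the `MACHINE-A`/`MACHINE-B` values are assumptions constructed for this example; the signed text stays readable, only forging or editing it is prevented.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class LicenseFile
{
    const string Sep = "\n--signature--\n";   // constructed file layout (assumption)
    // Vendor side: sign "machine=<id>" plus one NAME=ENABLED|DISABLED line per function.
    public static string Issue(RSA privateKey, string machineId, IDictionary<string, bool> functions)
    {
        string payload = "machine=" + machineId + "\n" + string.Join("\n",
            functions.Select(f => f.Key + "=" + (f.Value ? "ENABLED" : "DISABLED")));
        byte[] sig = privateKey.SignData(Encoding.UTF8.GetBytes(payload),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return payload + Sep + Convert.ToBase64String(sig);
    }

    // Client side: fail closed. A bad signature or a file issued for another
    // machine yields an empty set, so nothing is enabled.
    public static ISet<string> Enabled(RSA publicKey, string license, string localMachineId)
    {
        var enabled = new HashSet<string>();
        string[] parts = license.Split(new[] { Sep }, StringSplitOptions.None);
        if (parts.Length != 2) return enabled;
        byte[] sig;
        try { sig = Convert.FromBase64String(parts[1]); } catch (FormatException) { return enabled; }
        if (!publicKey.VerifyData(Encoding.UTF8.GetBytes(parts[0]), sig,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) return enabled;
        string[] lines = parts[0].Split('\n');
        if (lines[0] != "machine=" + localMachineId) return enabled;
        foreach (string line in lines.Skip(1))
            if (line.EndsWith("=ENABLED", StringComparison.Ordinal))
                enabled.Add(line.Substring(0, line.Length - "=ENABLED".Length));
        return enabled;
    }

    static void Main()
    {
        using RSA vendor = RSA.Create(2048);                       // private key never ships
        using RSA shipped = RSA.Create();
        shipped.ImportParameters(vendor.ExportParameters(false));  // public half only
        string lic = Issue(vendor, "MACHINE-A", new Dictionary<string, bool> {
            ["BUSINESS FUNCTION 1"] = true, ["BUSINESS FUNCTION 2"] = false });
        Console.WriteLine(Enabled(shipped, lic, "MACHINE-A").Count);                                    // genuine file
        Console.WriteLine(Enabled(shipped, lic.Replace("2=DISABLED", "2=ENABLED"), "MACHINE-A").Count); // edited file
        Console.WriteLine(Enabled(shipped, lic, "MACHINE-B").Count);                                    // copied file
    }
}
```

Only the unmodified file checked on the machine it was issued for yields a non-empty set; the edited and copied files fail verification and enable nothing.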