
How to implement a simple licensing scheme? [closed]

Tags:

licensing

No offence intended, but let's not discuss that licensing schemes can be cracked (I know that) and that recourse to the law is usually a better deterrent (maybe in your country, but not in all).

Not my choice - I have been told to implement licensing, just good enough to keep casual hackers away.

What might make this slightly different is that the PCs which will run the software won't always have internet access privileges.

When someone buys the product, I can build licensing info into it & deliver an install CD. But, what happens if they want to buy more licenses? I don't want to have to go on site to update the licensing data, but they may not be able to access my server, nor I theirs.

I was thinking of having licenses in external (encrypted) files, each containing a number of licenses and an expiration date. If the user buys more licenses, then I can email out an additional file & their security-cleared IT guys can burn it to CD or USB stick and then copy it to the application's data directory.

Does that seem ok? Can you think of something better? Can you see problems? I don't have too much time to implement this.

asked Nov 20 '10 03:11

Mawg says reinstate Monica


1 Answer

I use asymmetric cryptography with elliptic curves. To generate a new license key, hash the user name (or email, possibly with some app ID appended), sign the hash with your private key and encode with base-32 to get a nice key like HQYRV-OZFNZ-M3L7B-WA644-CXLG4-D7IRD-QZ6FY-GJGTO-MEXEG.

To validate the license, hash the user name as above and verify signature of the hash with your public key.

This has numerous advantages: the key is relatively short (thanks to using EC instead of RSA/DSA), the key is “random” in that a different one is generated every time for the same user name, and, crucially, there’s no keygen code in the application and a cracker cannot write a keygen without getting hold of your private key.

I have a library for doing this on GitHub: https://github.com/vslavik/ellipticlicense (it’s a fork of a now-dead Objective-C project; I added a portable C API and made some other improvements).

answered Nov 16 '22 17:11

Václav Slavík
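
The sign-and-verify flow from the answer above, as an added example that is not part of the original post and is not the ellipticlicense library's code. It uses ECDSA on P-256 with SHA-256 from the Go standard library, so keys come out longer than the sample key in the answer; the function names, the NUL separator between user name and app ID, and the sample identity are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base32"
	"fmt"
	"math/big"
	"regexp"
	"strings"
)

var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// NewVendorKey makes the P-256 signing key; the private half never ships.
func NewVendorKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

func digest(name, appID string) []byte {
	h := sha256.Sum256([]byte(name + "\x00" + appID)) // NUL separator is an assumption
	return h[:]
}

// IssueKey is vendor-side only: base-32 of the fixed-width signature r||s.
func IssueKey(priv *ecdsa.PrivateKey, name, appID string) (string, error) {
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest(name, appID))
	if err != nil {
		return "", err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	groups := regexp.MustCompile(".{1,5}").FindAllString(b32.EncodeToString(sig), -1)
	return strings.Join(groups, "-"), nil
}

// VerifyKey ships in the application and needs only the public key.
func VerifyKey(pub *ecdsa.PublicKey, name, appID, key string) bool {
	sig, err := b32.DecodeString(strings.ToUpper(strings.ReplaceAll(key, "-", "")))
	if err != nil || len(sig) != 64 {
		return false
	}
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	return ecdsa.Verify(pub, digest(name, appID), r, s)
}

func main() {
	priv, _ := NewVendorKey() // constructed demo key, regenerated on every run
	key, _ := IssueKey(priv, "alice@example.com", "demo-app")
	fmt.Println(key, VerifyKey(&priv.PublicKey, "alice@example.com", "demo-app", key))
}
```

Only `VerifyKey` and the public key belong in the shipped binary, which also suits the offline PCs in the question: a key sent by email can be checked without any network access.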