Menu
I've been trying to figure out a way of stopping people tampering with a license file that gets shipped with my software. I have been looking at RSA and using signing to verify the data.
Now from my understanding I basically have some data (the license file) and I use the RSACryptoServiceProvider's SignData method to create a signature for the data with a public and private key that was created via ExportParameters(true).
Then I would give the license file and the public key with the software so I can verify the data (license) on the client using VerifyData but what is to stop the user creating there own public/private key pair and recreating the data and just overwriting the public key and data?
I've been reading around and doing some googling but I'm still stuck with this, I'm fairly new to encryption and signing also but I need to figure this out.
I'm aware that it's virtually impossible to secure a license like file as if they wanted they could just decompile the code and remove the checks so I'm just wanting to make it harder for them to abuse the software, I don't want them to be able to just make up there own license or move one license to another machine.
Could anyone point me in the right direction or offer some advice?
Thank you.
832
Nothing would stop them. The entire point of applying cryptography to software licensing is to create stronger evidence for use in a court.
Do not spend too much time on making your licencing system hard to circumvent (the more complicated it is, the more people will see it as a challenge), but rather ensure that your paying customers aren't hindered by it.
91
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
