Hi,
I have spent the last couple of days researching this issue. And I have
also spent time thinking about what is needed.
I am distributing my software as shareware. When a customer orders a
license, I send him/her a printed license with a license number that
can be used to unlock certain features in the software.
A license number should consist of up to 20 numbers and letters.
Upper/lower case letters should not matter and in order to avoid
misstyping the letters I and O should not appear in the license number.
I want to make it as hard as possible to write an illegal key generator
for my license number system. Key generators hurt me most. I cannot
disable the illegally generated license numbers without also disabling
the license numbers issued to paying customers.
Cracks are a minor concern. I am updating my software in short
intervals. A crack would only work for a short period of time and users
of such a crack may even become paying customers in order to get the
latest software release.
For the license number system, I am looking into asymetric
cryptography. A number is encrypted using my private key. At runtime,
the encrypted license number is decrypted and validated using the
public key.
C# and DOTNET have build-in support for the RSA encryption engine. But
RSA requires a minimum key length of 512 bits and the output is padded
to this length. 64 bytes of binary data cannot be used as a printed
license number.
Elliptic curves can be used with smaller keys and I expect that results
in smaller encrypted output data. The problem with elliptic curves is
that I am unable to find a usable implementation.
Any ideas?
With best regards,
Paul Hoepping
9  9125 
Paul wrote:
I want to make it as hard as possible to write
an illegal key generator for my license number
system. I cannot disable the illegally generated
license numbers without also disabling the license
numbers issued to paying customers.
You can if you require users to connect to the Internet to validate
the licence number against your database of live ones*: that might
also give you hints as to whether many different people are using the
same key. It's a bit annoying for users, though (not everybody has an
"always-on" Internet connection, or even Internet access at all) and
might be perceived as invasive.
Eq.
* Yep, somebody could crack it to remove that entire check, but I
don't know what you can do against crackers beyond using some kind of
obfuscator.
Paul, I think there are some 3rd party tools available to help you with
this. You may want to look into them, as they will have already
overcome most of the obsticles that you will encounter (and some you
may not think to anticipate).
Its similar to encryption; its wiser to use already developed
algorithms than try to roll your own.
Andy
Paul wrote:
Hi,
I have spent the last couple of days researching this issue. And I have
also spent time thinking about what is needed.
I am distributing my software as shareware. When a customer orders a
license, I send him/her a printed license with a license number that
can be used to unlock certain features in the software.
A license number should consist of up to 20 numbers and letters.
Upper/lower case letters should not matter and in order to avoid
misstyping the letters I and O should not appear in the license number.
I want to make it as hard as possible to write an illegal key generator
for my license number system. Key generators hurt me most. I cannot
disable the illegally generated license numbers without also disabling
the license numbers issued to paying customers.
Cracks are a minor concern. I am updating my software in short
intervals. A crack would only work for a short period of time and users
of such a crack may even become paying customers in order to get the
latest software release.
For the license number system, I am looking into asymetric
cryptography. A number is encrypted using my private key. At runtime,
the encrypted license number is decrypted and validated using the
public key.
C# and DOTNET have build-in support for the RSA encryption engine. But
RSA requires a minimum key length of 512 bits and the output is padded
to this length. 64 bytes of binary data cannot be used as a printed
license number.
Elliptic curves can be used with smaller keys and I expect that results
in smaller encrypted output data. The problem with elliptic curves is
that I am unable to find a usable implementation.
Any ideas?
With best regards,
Paul Hoepping
Could u tell me some of the third party tools that are able to do this?
--
L. A. Jones
"Andy" wrote:
Paul, I think there are some 3rd party tools available to help you with
this. You may want to look into them, as they will have already
overcome most of the obsticles that you will encounter (and some you
may not think to anticipate).
Its similar to encryption; its wiser to use already developed
algorithms than try to roll your own.
Andy
Paul wrote:
Hi,
I have spent the last couple of days researching this issue. And I have
also spent time thinking about what is needed.
I am distributing my software as shareware. When a customer orders a
license, I send him/her a printed license with a license number that
can be used to unlock certain features in the software.
A license number should consist of up to 20 numbers and letters.
Upper/lower case letters should not matter and in order to avoid
misstyping the letters I and O should not appear in the license number.
I want to make it as hard as possible to write an illegal key generator
for my license number system. Key generators hurt me most. I cannot
disable the illegally generated license numbers without also disabling
the license numbers issued to paying customers.
Cracks are a minor concern. I am updating my software in short
intervals. A crack would only work for a short period of time and users
of such a crack may even become paying customers in order to get the
latest software release.
For the license number system, I am looking into asymetric
cryptography. A number is encrypted using my private key. At runtime,
the encrypted license number is decrypted and validated using the
public key.
C# and DOTNET have build-in support for the RSA encryption engine. But
RSA requires a minimum key length of 512 bits and the output is padded
to this length. 64 bytes of binary data cannot be used as a printed
license number.
Elliptic curves can be used with smaller keys and I expect that results
in smaller encrypted output data. The problem with elliptic curves is
that I am unable to find a usable implementation.
Any ideas?
With best regards,
Paul Hoepping
Here's one such tool: http://www.redsofts.com/soft/623/141...ectionKit.html
Dave wrote:
Could u tell me some of the third party tools that are able to do this?
--
L. A. Jones
"Andy" wrote:
Paul, I think there are some 3rd party tools available to help you with
this. You may want to look into them, as they will have already
overcome most of the obsticles that you will encounter (and some you
may not think to anticipate).
Its similar to encryption; its wiser to use already developed
algorithms than try to roll your own.
Andy
Paul wrote:
Hi,
I have spent the last couple of days researching this issue. And I have
also spent time thinking about what is needed.
>
I am distributing my software as shareware. When a customer orders a
license, I send him/her a printed license with a license number that
can be used to unlock certain features in the software.
>
A license number should consist of up to 20 numbers and letters.
Upper/lower case letters should not matter and in order to avoid
misstyping the letters I and O should not appear in the license number.
>
I want to make it as hard as possible to write an illegal key generator
for my license number system. Key generators hurt me most. I cannot
disable the illegally generated license numbers without also disabling
the license numbers issued to paying customers.
>
Cracks are a minor concern. I am updating my software in short
intervals. A crack would only work for a short period of time and users
of such a crack may even become paying customers in order to get the
latest software release.
>
For the license number system, I am looking into asymetric
cryptography. A number is encrypted using my private key. At runtime,
the encrypted license number is decrypted and validated using the
public key.
>
C# and DOTNET have build-in support for the RSA encryption engine. But
RSA requires a minimum key length of 512 bits and the output is padded
to this length. 64 bytes of binary data cannot be used as a printed
license number.
>
Elliptic curves can be used with smaller keys and I expect that results
in smaller encrypted output data. The problem with elliptic curves is
that I am unable to find a usable implementation.
>
Any ideas?
>
With best regards,
Paul Hoepping
Dave wrote:
Could u tell me some of the third party tools that are able to do this?
--
Take a look at Infralution's Licensing System. It uses an RSA based
public key encryption system but is able to keep the license keys
reasonably short. You can download an evaluation version at: http://www.infralution.com/licensing.html
Regards
Grant Frisken
Infralution
>
"Andy" wrote:
Paul, I think there are some 3rd party tools available to help you with
this. You may want to look into them, as they will have already
overcome most of the obsticles that you will encounter (and some you
may not think to anticipate).
Its similar to encryption; its wiser to use already developed
algorithms than try to roll your own.
Andy
Paul wrote:
Hi,
I have spent the last couple of days researching this issue. And I have
also spent time thinking about what is needed.
>
I am distributing my software as shareware. When a customer orders a
license, I send him/her a printed license with a license number that
can be used to unlock certain features in the software.
>
A license number should consist of up to 20 numbers and letters.
Upper/lower case letters should not matter and in order to avoid
misstyping the letters I and O should not appear in the license number.
>
I want to make it as hard as possible to write an illegal key generator
for my license number system. Key generators hurt me most. I cannot
disable the illegally generated license numbers without also disabling
the license numbers issued to paying customers.
>
Cracks are a minor concern. I am updating my software in short
intervals. A crack would only work for a short period of time and users
of such a crack may even become paying customers in order to get the
latest software release.
>
For the license number system, I am looking into asymetric
cryptography. A number is encrypted using my private key. At runtime,
the encrypted license number is decrypted and validated using the
public key.
>
C# and DOTNET have build-in support for the RSA encryption engine. But
RSA requires a minimum key length of 512 bits and the output is padded
to this length. 64 bytes of binary data cannot be used as a printed
license number.
>
Elliptic curves can be used with smaller keys and I expect that results
in smaller encrypted output data. The problem with elliptic curves is
that I am unable to find a usable implementation.
>
Any ideas?
>
With best regards,
Paul Hoepping
Hi Paul,
I do not want to enforce an online activation scheme. The software is a
(small) contact management system intended for professionals and small
companies. Such a software is usually used for many years.
I cannot guarantee that an activation would still be possible in a
couple of years. The activation of Microsoft products is annoying but
you can be reasonable certain that such an activation will be possible
in the future. If I go out of business, activation for my products
would no longer be available and the customers would no longer be able
to reinstall my products.
Thanks to the others for recommending suitable products. I will look
into them and report my findings.
With best regards,
Paul Hoepping.
Paul E Collins schrieb:
Paul wrote:
I want to make it as hard as possible to write
an illegal key generator for my license number
system. I cannot disable the illegally generated
license numbers without also disabling the license
numbers issued to paying customers.
You can if you require users to connect to the Internet to validate
the licence number against your database of live ones*: that might
also give you hints as to whether many different people are using the
same key. It's a bit annoying for users, though (not everybody has an
"always-on" Internet connection, or even Internet access at all) and
might be perceived as invasive.
Eq.
* Yep, somebody could crack it to remove that entire check, but I
don't know what you can do against crackers beyond using some kind of
obfuscator.
Hi Grant,
thanks for the link. I have done a first, superfical evaluation. The
Infra Solutions License Key Generator created keys like this one:
9E50-EA54-D5DF-0470-27EC-B356-05C0-F114-FD73-90E8-DCCB-464E-543A-8421-B0B1-E18B-89F9-C3DB-D357-4C9C-910A-A796-2295-31BC
There are 24 Blocks of 4 letters each. The binary data seems to be
presented as hexadecimal numbers. That would mean that this represents
48 Bytes of data. If RSA is being used I would guess that you are using
a 384 bit key.
A 384 bit RSA key is not high security but it would be good enough for
a low profile shareware application like mine. And the price (US$ 80
for the software and US$80 for the source code) is acceptable.
The user would have to enter 96 characters of key data. Using the
letter 0..9 and A..Z that could be reduced to 48 characters. I am
aiming for about 20 characters.
I was hoping for a software using elliptic curves for the encryption.
Elliptic curves require shorter keys. A 128 Bit ECC key has about the
same level of security as a 1024 bit RSA key. If the data is padded up
to the key size, this would result in 16 bytes of binary data.
At the moment your product is at the top of my (short) list of suitable
products.
With best regards,
Paul Hoepping
The length of the key depends on the key strength and the length of any
ProductInfo you include in the key. The shortest keys you can generate
using our system are 8 blocks of 4 letters (ie 32 characters) - with
key strength = 7 and up to 4 characters of product info. The key
strength is basically the length of the password used to encrypt the
key. The password is validated using 1024bit RSA. A key strength of
7 is pretty good but may be susceptible to brute force attacks. A key
strength of 15 will be much stronger and generate keys of 12 x 4 = 48
letters.
Regards
Grant
Paul wrote:
Hi Grant,
thanks for the link. I have done a first, superfical evaluation. The
Infra Solutions License Key Generator created keys like this one:
9E50-EA54-D5DF-0470-27EC-B356-05C0-F114-FD73-90E8-DCCB-464E-543A-8421-B0B1-E18B-89F9-C3DB-D357-4C9C-910A-A796-2295-31BC
There are 24 Blocks of 4 letters each. The binary data seems to be
presented as hexadecimal numbers. That would mean that this represents
48 Bytes of data. If RSA is being used I would guess that you are using
a 384 bit key.
A 384 bit RSA key is not high security but it would be good enough for
a low profile shareware application like mine. And the price (US$ 80
for the software and US$80 for the source code) is acceptable.
The user would have to enter 96 characters of key data. Using the
letter 0..9 and A..Z that could be reduced to 48 characters. I am
aiming for about 20 characters.
I was hoping for a software using elliptic curves for the encryption.
Elliptic curves require shorter keys. A 128 Bit ECC key has about the
same level of security as a 1024 bit RSA key. If the data is padded up
to the key size, this would result in 16 bytes of binary data.
At the moment your product is at the top of my (short) list of suitable
products.
With best regards,
Paul Hoepping
Hi Grant,
ohh, I did not understand the dependency on the product info. I will
try again with less product info. Thanks !
Since I am technically interested, I am wondering how you acchieve
these short key length values. Before I started looking for a
commercial product, I did some experiments using the .NET
RsaCryptoServic eProvider class. I had 6 bytes of serial number data.
Using a 512 bit RSA key, the encryption engine produced 64 bytes (= 512
bits) of encrypted data. Reading the documentation, I got the
impression that padding of the data up to the key size is unavoidable.
At that point I started looking to other encryption technologies.
I will reread the documentation and - most likely - buy your product.
With best regards,
Paul Hoepping http://www.hed-dress.de http://www.hed-software.com
Grant Frisken wrote:
The length of the key depends on the key strength and the length of any
ProductInfo you include in the key. The shortest keys you can generate
using our system are 8 blocks of 4 letters (ie 32 characters) - with
key strength = 7 and up to 4 characters of product info. The key
strength is basically the length of the password used to encrypt the
key. The password is validated using 1024bit RSA. A key strength of
7 is pretty good but may be susceptible to brute force attacks. A key
strength of 15 will be much stronger and generate keys of 12 x 4 = 48
letters.
Regards
Grant
Paul wrote:
Hi Grant,
thanks for the link. I have done a first, superfical evaluation. The
Infra Solutions License Key Generator created keys like this one:
9E50-EA54-D5DF-0470-27EC-B356-05C0-F114-FD73-90E8-DCCB-464E-543A-8421-B0B1-E18B-89F9-C3DB-D357-4C9C-910A-A796-2295-31BC
There are 24 Blocks of 4 letters each. The binary data seems to be
presented as hexadecimal numbers. That would mean that this represents
48 Bytes of data. If RSA is being used I would guess that you are using
a 384 bit key.
A 384 bit RSA key is not high security but it would be good enough for
a low profile shareware application like mine. And the price (US$ 80
for the software and US$80 for the source code) is acceptable.
The user would have to enter 96 characters of key data. Using the
letter 0..9 and A..Z that could be reduced to 48 characters. I am
aiming for about 20 characters.
I was hoping for a software using elliptic curves for the encryption.
Elliptic curves require shorter keys. A 128 Bit ECC key has about the
same level of security as a 1024 bit RSA key. If the data is padded up
to the key size, this would result in 16 bytes of binary data.
At the moment your product is at the top of my (short) list of suitable
products.
With best regards,
Paul Hoepping
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Rob Meade |
last post by:
Hi all,
I need to be able to create some license keys for an application. Ideally
these wouldn't be too long in length (ie, easier to remember/type in), but I
would like them to be auto generated and a check made to see whether or not
that key has already been used, something which could generate up to about
10000 keys (or more if the string doesnt have to be too long) would be very
useful.
A combination of letters, numbers, upper and...
|
by: grant |
last post by:
Hi guys:
I am try to build an online query application and would like to
generate xml file like following:
<survey name="Example Survey">
<question type="text" name="Title" required="yes"/>
<question type="text" name="Industry"/>
<question type="radio" name="Education">
<choice value="High school"></choice>
|
by: Forrest |
last post by:
Hi,
I'm writing a shareware by VB.NET,the most shareware
control license by input Serial Number or License Key,but
How to control the license in .Net framework?the License
class of .Net framework will be helpful?
Thanks in advance
Forrest
|
by: Zemp Dominik |
last post by:
Hi
I would like to integrate a license mechanism into my application. How can I
do that?
The application should run only 30 days, if the user hasn't a valid license!
Then, he has to insert a valid lincse to use the application again.
Can anyone help me?
Thanks
|
by: P1ayboy |
last post by:
I need advice on how to best to protect software with licenses.
We are developing a windows application that people can purchase and
download off the net, but the software needs to be protected by licensing.
The software is being written in vb.net v1.1.
If anyone knows any beeter places to post this message, please let me know.
Many thanks
| | |
by: Wayne Wengert |
last post by:
I have some Windows applications developed using VS2005/VB to which I want
to add a licensing system. I am looking for a system that can provide the
following capabilities:
- Allow users to install and run the app for a trial period (e.g. 20 days)
- During the trial period, include a "nagger" message and an option to
"Purchase License"
- The "Purchase License" option would create a machine dependent keycode
(baseed on HDD S/N, etc.) and...
|
by: =?Utf-8?B?c2hhaV9ndXlqYW1h?= |
last post by:
is it true that Visual Basic 5.0 is already shareware? I heard rumors of it
circulating around here in the Philippines that it is. If it is, can you
please direct me to a site specifying such, and if not, please bash this
rumor once and for all.
thank you.
|
by: ard9232 |
last post by:
I"m really really confused on how to do this problem. I need to use math.random and type-casting to print out 20 license plates but I'm just really lost. Can anyone help me out?
Use Java’s type-casting mechanism to write a program that prints 20
“random” license plate numbers, each one consisting of three randomly-
chosen digits followed by three randomly chosen upper-case letters. The
first digit cannot be zero.
|
by: Ken Foskey |
last post by:
On Thu, 14 Aug 2008 10:09:01 -0700, raylopez99 wrote:
The facts of the case above are that the person took a whole application
and distributed it after some minor modifications, ie they did not do
much at all to the whole thing. It was outright theft. How would you
feel if someone stole your application that you were selling and then
distributed it. What is the difference?
Artistic, GPL and LGPL are licenses, Public Domain is a...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
