Hi,
I have spent the last couple of days researching this issue. And I have
also spent time thinking about what is needed.
I am distributing my software as shareware. When a customer orders a
license, I send him/her a printed license with a license number that
can be used to unlock certain features in the software.
A license number should consist of up to 20 numbers and letters.
Upper/lower case letters should not matter and in order to avoid
misstyping the letters I and O should not appear in the license number.
I want to make it as hard as possible to write an illegal key generator
for my license number system. Key generators hurt me most. I cannot
disable the illegally generated license numbers without also disabling
the license numbers issued to paying customers.
Cracks are a minor concern. I am updating my software in short
intervals. A crack would only work for a short period of time and users
of such a crack may even become paying customers in order to get the
latest software release.
For the license number system, I am looking into asymetric
cryptography. A number is encrypted using my private key. At runtime,
the encrypted license number is decrypted and validated using the
public key.
C# and DOTNET have build-in support for the RSA encryption engine. But
RSA requires a minimum key length of 512 bits and the output is padded
to this length. 64 bytes of binary data cannot be used as a printed
license number.
Elliptic curves can be used with smaller keys and I expect that results
in smaller encrypted output data. The problem with elliptic curves is
that I am unable to find a usable implementation.
Any ideas?
With best regards,
Paul Hoepping
9  9106 
Paul wrote:
I want to make it as hard as possible to write
an illegal key generator for my license number
system. I cannot disable the illegally generated
license numbers without also disabling the license
numbers issued to paying customers.
You can if you require users to connect to the Internet to validate
the licence number against your database of live ones*: that might
also give you hints as to whether many different people are using the
same key. It's a bit annoying for users, though (not everybody has an
"always-on" Internet connection, or even Internet access at all) and
might be perceived as invasive.
Eq.
* Yep, somebody could crack it to remove that entire check, but I
don't know what you can do against crackers beyond using some kind of
obfuscator.
Paul, I think there are some 3rd party tools available to help you with
this. You may want to look into them, as they will have already
overcome most of the obsticles that you will encounter (and some you
may not think to anticipate).
Its similar to encryption; its wiser to use already developed
algorithms than try to roll your own.
Andy
Paul wrote:
Hi,
I have spent the last couple of days researching this issue. And I have
also spent time thinking about what is needed.
I am distributing my software as shareware. When a customer orders a
license, I send him/her a printed license with a license number that
can be used to unlock certain features in the software.
A license number should consist of up to 20 numbers and letters.
Upper/lower case letters should not matter and in order to avoid
misstyping the letters I and O should not appear in the license number.
I want to make it as hard as possible to write an illegal key generator
for my license number system. Key generators hurt me most. I cannot
disable the illegally generated license numbers without also disabling
the license numbers issued to paying customers.
Cracks are a minor concern. I am updating my software in short
intervals. A crack would only work for a short period of time and users
of such a crack may even become paying customers in order to get the
latest software release.
For the license number system, I am looking into asymetric
cryptography. A number is encrypted using my private key. At runtime,
the encrypted license number is decrypted and validated using the
public key.
C# and DOTNET have build-in support for the RSA encryption engine. But
RSA requires a minimum key length of 512 bits and the output is padded
to this length. 64 bytes of binary data cannot be used as a printed
license number.
Elliptic curves can be used with smaller keys and I expect that results
in smaller encrypted output data. The problem with elliptic curves is
that I am unable to find a usable implementation.
Any ideas?
With best regards,
Paul Hoepping
Could u tell me some of the third party tools that are able to do this?
--
L. A. Jones
"Andy" wrote:
Paul, I think there are some 3rd party tools available to help you with
this. You may want to look into them, as they will have already
overcome most of the obsticles that you will encounter (and some you
may not think to anticipate).
Its similar to encryption; its wiser to use already developed
algorithms than try to roll your own.
Andy
Paul wrote:
Hi,
I have spent the last couple of days researching this issue. And I have
also spent time thinking about what is needed.
I am distributing my software as shareware. When a customer orders a
license, I send him/her a printed license with a license number that
can be used to unlock certain features in the software.
A license number should consist of up to 20 numbers and letters.
Upper/lower case letters should not matter and in order to avoid
misstyping the letters I and O should not appear in the license number.
I want to make it as hard as possible to write an illegal key generator
for my license number system. Key generators hurt me most. I cannot
disable the illegally generated license numbers without also disabling
the license numbers issued to paying customers.
Cracks are a minor concern. I am updating my software in short
intervals. A crack would only work for a short period of time and users
of such a crack may even become paying customers in order to get the
latest software release.
For the license number system, I am looking into asymetric
cryptography. A number is encrypted using my private key. At runtime,
the encrypted license number is decrypted and validated using the
public key.
C# and DOTNET have build-in support for the RSA encryption engine. But
RSA requires a minimum key length of 512 bits and the output is padded
to this length. 64 bytes of binary data cannot be used as a printed
license number.
Elliptic curves can be used with smaller keys and I expect that results
in smaller encrypted output data. The problem with elliptic curves is
that I am unable to find a usable implementation.
Any ideas?
With best regards,
Paul Hoepping
Here's one such tool: http://www.redsofts.com/soft/623/141...ectionKit.html
Dave wrote:
Could u tell me some of the third party tools that are able to do this?
--
L. A. Jones
"Andy" wrote:
Paul, I think there are some 3rd party tools available to help you with
this. You may want to look into them, as they will have already
overcome most of the obsticles that you will encounter (and some you
may not think to anticipate).
Its similar to encryption; its wiser to use already developed
algorithms than try to roll your own.
Andy
Paul wrote:
Hi,
I have spent the last couple of days researching this issue. And I have
also spent time thinking about what is needed.
>
I am distributing my software as shareware. When a customer orders a
license, I send him/her a printed license with a license number that
can be used to unlock certain features in the software.
>
A license number should consist of up to 20 numbers and letters.
Upper/lower case letters should not matter and in order to avoid
misstyping the letters I and O should not appear in the license number.
>
I want to make it as hard as possible to write an illegal key generator
for my license number system. Key generators hurt me most. I cannot
disable the illegally generated license numbers without also disabling
the license numbers issued to paying customers.
>
Cracks are a minor concern. I am updating my software in short
intervals. A crack would only work for a short period of time and users
of such a crack may even become paying customers in order to get the
latest software release.
>
For the license number system, I am looking into asymetric
cryptography. A number is encrypted using my private key. At runtime,
the encrypted license number is decrypted and validated using the
public key.
>
C# and DOTNET have build-in support for the RSA encryption engine. But
RSA requires a minimum key length of 512 bits and the output is padded
to this length. 64 bytes of binary data cannot be used as a printed
license number.
>
Elliptic curves can be used with smaller keys and I expect that results
in smaller encrypted output data. The problem with elliptic curves is
that I am unable to find a usable implementation.
>
Any ideas?
>
With best regards,
Paul Hoepping
Dave wrote:
Could u tell me some of the third party tools that are able to do this?
--
Take a look at Infralution's Licensing System. It uses an RSA based
public key encryption system but is able to keep the license keys
reasonably short. You can download an evaluation version at: http://www.infralution.com/licensing.html
Regards
Grant Frisken
Infralution
>
"Andy" wrote:
Paul, I think there are some 3rd party tools available to help you with
this. You may want to look into them, as they will have already
overcome most of the obsticles that you will encounter (and some you
may not think to anticipate).
Its similar to encryption; its wiser to use already developed
algorithms than try to roll your own.
Andy
Paul wrote:
Hi,
I have spent the last couple of days researching this issue. And I have
also spent time thinking about what is needed.
>
I am distributing my software as shareware. When a customer orders a
license, I send him/her a printed license with a license number that
can be used to unlock certain features in the software.
>
A license number should consist of up to 20 numbers and letters.
Upper/lower case letters should not matter and in order to avoid
misstyping the letters I and O should not appear in the license number.
>
I want to make it as hard as possible to write an illegal key generator
for my license number system. Key generators hurt me most. I cannot
disable the illegally generated license numbers without also disabling
the license numbers issued to paying customers.
>
Cracks are a minor concern. I am updating my software in short
intervals. A crack would only work for a short period of time and users
of such a crack may even become paying customers in order to get the
latest software release.
>
For the license number system, I am looking into asymetric
cryptography. A number is encrypted using my private key. At runtime,
the encrypted license number is decrypted and validated using the
public key.
>
C# and DOTNET have build-in support for the RSA encryption engine. But
RSA requires a minimum key length of 512 bits and the output is padded
to this length. 64 bytes of binary data cannot be used as a printed
license number.
>
Elliptic curves can be used with smaller keys and I expect that results
in smaller encrypted output data. The problem with elliptic curves is
that I am unable to find a usable implementation.
>
Any ideas?
>
With best regards,
Paul Hoepping
Hi Paul,
I do not want to enforce an online activation scheme. The software is a
(small) contact management system intended for professionals and small
companies. Such a software is usually used for many years.
I cannot guarantee that an activation would still be possible in a
couple of years. The activation of Microsoft products is annoying but
you can be reasonable certain that such an activation will be possible
in the future. If I go out of business, activation for my products
would no longer be available and the customers would no longer be able
to reinstall my products.
Thanks to the others for recommending suitable products. I will look
into them and report my findings.
With best regards,
Paul Hoepping.
Paul E Collins schrieb:
Paul wrote:
I want to make it as hard as possible to write
an illegal key generator for my license number
system. I cannot disable the illegally generated
license numbers without also disabling the license
numbers issued to paying customers.
You can if you require users to connect to the Internet to validate
the licence number against your database of live ones*: that might
also give you hints as to whether many different people are using the
same key. It's a bit annoying for users, though (not everybody has an
"always-on" Internet connection, or even Internet access at all) and
might be perceived as invasive.
Eq.
* Yep, somebody could crack it to remove that entire check, but I
don't know what you can do against crackers beyond using some kind of
obfuscator.
Hi Grant,
thanks for the link. I have done a first, superfical evaluation. The
Infra Solutions License Key Generator created keys like this one:
9E50-EA54-D5DF-0470-27EC-B356-05C0-F114-FD73-90E8-DCCB-464E-543A-8421-B0B1-E18B-89F9-C3DB-D357-4C9C-910A-A796-2295-31BC
There are 24 Blocks of 4 letters each. The binary data seems to be
presented as hexadecimal numbers. That would mean that this represents
48 Bytes of data. If RSA is being used I would guess that you are using
a 384 bit key.
A 384 bit RSA key is not high security but it would be good enough for
a low profile shareware application like mine. And the price (US$ 80
for the software and US$80 for the source code) is acceptable.
The user would have to enter 96 characters of key data. Using the
letter 0..9 and A..Z that could be reduced to 48 characters. I am
aiming for about 20 characters.
I was hoping for a software using elliptic curves for the encryption.
Elliptic curves require shorter keys. A 128 Bit ECC key has about the
same level of security as a 1024 bit RSA key. If the data is padded up
to the key size, this would result in 16 bytes of binary data.
At the moment your product is at the top of my (short) list of suitable
products.
With best regards,
Paul Hoepping
The length of the key depends on the key strength and the length of any
ProductInfo you include in the key. The shortest keys you can generate
using our system are 8 blocks of 4 letters (ie 32 characters) - with
key strength = 7 and up to 4 characters of product info. The key
strength is basically the length of the password used to encrypt the
key. The password is validated using 1024bit RSA. A key strength of
7 is pretty good but may be susceptible to brute force attacks. A key
strength of 15 will be much stronger and generate keys of 12 x 4 = 48
letters.
Regards
Grant
Paul wrote:
Hi Grant,
thanks for the link. I have done a first, superfical evaluation. The
Infra Solutions License Key Generator created keys like this one:
9E50-EA54-D5DF-0470-27EC-B356-05C0-F114-FD73-90E8-DCCB-464E-543A-8421-B0B1-E18B-89F9-C3DB-D357-4C9C-910A-A796-2295-31BC
There are 24 Blocks of 4 letters each. The binary data seems to be
presented as hexadecimal numbers. That would mean that this represents
48 Bytes of data. If RSA is being used I would guess that you are using
a 384 bit key.
A 384 bit RSA key is not high security but it would be good enough for
a low profile shareware application like mine. And the price (US$ 80
for the software and US$80 for the source code) is acceptable.
The user would have to enter 96 characters of key data. Using the
letter 0..9 and A..Z that could be reduced to 48 characters. I am
aiming for about 20 characters.
I was hoping for a software using elliptic curves for the encryption.
Elliptic curves require shorter keys. A 128 Bit ECC key has about the
same level of security as a 1024 bit RSA key. If the data is padded up
to the key size, this would result in 16 bytes of binary data.
At the moment your product is at the top of my (short) list of suitable
products.
With best regards,
Paul Hoepping
Hi Grant,
ohh, I did not understand the dependency on the product info. I will
try again with less product info. Thanks !
Since I am technically interested, I am wondering how you acchieve
these short key length values. Before I started looking for a
commercial product, I did some experiments using the .NET
RsaCryptoServiceProvider class. I had 6 bytes of serial number data.
Using a 512 bit RSA key, the encryption engine produced 64 bytes (= 512
bits) of encrypted data. Reading the documentation, I got the
impression that padding of the data up to the key size is unavoidable.
At that point I started looking to other encryption technologies.
I will reread the documentation and - most likely - buy your product.
With best regards,
Paul Hoepping http://www.hed-dress.de http://www.hed-software.com
Grant Frisken wrote:
The length of the key depends on the key strength and the length of any
ProductInfo you include in the key. The shortest keys you can generate
using our system are 8 blocks of 4 letters (ie 32 characters) - with
key strength = 7 and up to 4 characters of product info. The key
strength is basically the length of the password used to encrypt the
key. The password is validated using 1024bit RSA. A key strength of
7 is pretty good but may be susceptible to brute force attacks. A key
strength of 15 will be much stronger and generate keys of 12 x 4 = 48
letters.
Regards
Grant
Paul wrote:
Hi Grant,
thanks for the link. I have done a first, superfical evaluation. The
Infra Solutions License Key Generator created keys like this one:
9E50-EA54-D5DF-0470-27EC-B356-05C0-F114-FD73-90E8-DCCB-464E-543A-8421-B0B1-E18B-89F9-C3DB-D357-4C9C-910A-A796-2295-31BC
There are 24 Blocks of 4 letters each. The binary data seems to be
presented as hexadecimal numbers. That would mean that this represents
48 Bytes of data. If RSA is being used I would guess that you are using
a 384 bit key.
A 384 bit RSA key is not high security but it would be good enough for
a low profile shareware application like mine. And the price (US$ 80
for the software and US$80 for the source code) is acceptable.
The user would have to enter 96 characters of key data. Using the
letter 0..9 and A..Z that could be reduced to 48 characters. I am
aiming for about 20 characters.
I was hoping for a software using elliptic curves for the encryption.
Elliptic curves require shorter keys. A 128 Bit ECC key has about the
same level of security as a 1024 bit RSA key. If the data is padded up
to the key size, this would result in 16 bytes of binary data.
At the moment your product is at the top of my (short) list of suitable
products.
With best regards,
Paul Hoepping
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Rob Meade |
last post by:
Hi all,
I need to be able to create some license keys for an application. Ideally
these wouldn't be too long in length (ie, easier to remember/type in), but I
would like them to be auto...
|
by: grant |
last post by:
Hi guys:
I am try to build an online query application and would like to
generate xml file like following:
<survey name="Example Survey">
<question type="text" name="Title" required="yes"/>...
|
by: Forrest |
last post by:
Hi,
I'm writing a shareware by VB.NET,the most shareware
control license by input Serial Number or License Key,but
How to control the license in .Net framework?the License
class of .Net framework...
|
by: Zemp Dominik |
last post by:
Hi
I would like to integrate a license mechanism into my application. How can I
do that?
The application should run only 30 days, if the user hasn't a valid license!
Then, he has to insert a...
|
by: P1ayboy |
last post by:
I need advice on how to best to protect software with licenses.
We are developing a windows application that people can purchase and
download off the net, but the software needs to be protected...
|
by: Wayne Wengert |
last post by:
I have some Windows applications developed using VS2005/VB to which I want
to add a licensing system. I am looking for a system that can provide the
following capabilities:
- Allow users to...
|
by: =?Utf-8?B?c2hhaV9ndXlqYW1h?= |
last post by:
is it true that Visual Basic 5.0 is already shareware? I heard rumors of it
circulating around here in the Philippines that it is. If it is, can you
please direct me to a site specifying such, and...
|
by: ard9232 |
last post by:
I"m really really confused on how to do this problem. I need to use math.random and type-casting to print out 20 license plates but I'm just really lost. Can anyone help me out?
Use Java’s...
|
by: Ken Foskey |
last post by:
On Thu, 14 Aug 2008 10:09:01 -0700, raylopez99 wrote:
The facts of the case above are that the person took a whole application
and distributed it after some minor modifications, ie they did not...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
