By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,623 Members | 1,968 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,623 IT Pros & Developers. It's quick & easy.

Program Licencing

P: 31
Hi Forum,

I have asked questions about this before but my program has came to cross roads where I require more flexibility in my security procedures.

At the moment I generate a specific key based on certain details about the system, and I hash this data to file, which ensures it will only run on this system.

However it has now got to the point where I have a need for providing keys which will carry settings for the program within the key. So that if a customer wants an update its the matter of sending an updated key, which will allow certain areas of the program to be unlocked/locked.

Obviously I can no longer use the hash, as it can't be decrypted. I am looking to use key encryption system, which will allow to encrypt data within a license key. But obviously it brings the problem of where to store Crypt & decrypt key within the program.

A) Store it as variable within the program, but brings the problem of reverse engineering

B) Store key in registry, is still accessible to user.

C) Store in app settings, user can access the file using text editor.

I have been reading about DPApi, its not something I have used before, how secure is it and how do I go about using this. Does it encrypt key using the windows users detail as crypt?

Any suggestions would be greatly appreciated!

Best Regards
Apr 7 '10 #1
Share this Question
Share on Google+
1 Reply

P: 1
Have you considered generating license keys using public key cryptography ? This way you can embed the program settings in your key, and sign the key with a private key. The program will only have to verify the signature with a public key, so the private key will not have to be embedded in the program.

The caveat is that classic public key algorithms like RSA cannot be used because the signature sizes are too big. Elliptic curve cryptography can be a solution.

Here is an article I found that better explains this method:
Nov 17 '11 #2

Post your reply

Sign in to post your reply or Sign up for a free account.