
There are many ways to generate license keys, but very few of those ways are truly secure. And it's a pity, because for companies, license keys have almost the same value as real cash.

Ideally, you would want your license keys to have the following properties:

Only your company should be able to generate license keys for your products, even if someone completely reverse engineers your products (which WILL happen, I speak from experience). Obfuscating the algorithm or hiding an encryption key within your software is really out of the question if you are serious about controlling licensing. If your product is successful, someone will make a key generator in a matter of days from release.

A license key should be useable on only one computer (or at least you should be able to control this very tightly).

A license key should be short and easy to type or dictate over the phone. You don't want every customer calling the technical support because they don't understand if the key contains a "l" or a "1". Your support department would thank you for this, and you will have lower costs in this area.

The answer is simple but technically challenging: digital signatures using public key cryptography. Your license keys should be in fact signed "documents", containing some useful data, signed with your company's private key. The signatures should be part of the license key. The product should validate the license keys with the corresponding public key. This way, even if someone has full access to your product's logic, they cannot generate license keys because they don't have the private key.

A license key would look like this:

BASE32(CONCAT(DATA, PRIVATE_KEY_ENCRYPTED(HASH(DATA))))

The biggest challenge here is that the classical public key algorithms have large signature sizes. You don't want your license keys to have hundreds of characters. One of the most powerful approaches is to use elliptic curve cryptography (with careful implementations to avoid the existing patents). ECC keys are like 6 times shorter than RSA keys, for the same strength.
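The BASE32(CONCAT(DATA, signature)) layout described above, as an added example that is not part of the original text: the vendor signs the license data and the product checks it with only the public key. It assumes ECDSA on P-256 with SHA-256 via Node.js's built-in crypto module and a Crockford-style base32 alphabet; the function names and the sample license data are hypothetical.

```javascript
const crypto = require("node:crypto");

// Crockford base32 alphabet (assumed choice): no I, L, O or U.
const ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
const SIG_LEN = 64; // raw r||s ECDSA signature size on P-256

function base32Encode(buf) {
  let acc = 0, bits = 0, out = "";
  for (const byte of buf) {
    acc = (acc << 8) | byte; bits += 8;
    while (bits >= 5) { bits -= 5; out += ALPHABET[(acc >> bits) & 31]; }
    acc &= (1 << bits) - 1; // keep only the bits not yet emitted
  }
  return bits ? out + ALPHABET[(acc << (5 - bits)) & 31] : out;
}

function base32Decode(text) {
  // Forgive typing and dictation slips: case, dashes, O for 0, I or L for 1.
  const clean = text.toUpperCase().replace(/[-\s]/g, "").replace(/O/g, "0").replace(/[IL]/g, "1");
  let acc = 0, bits = 0, bytes = [];
  for (const ch of clean) {
    const v = ALPHABET.indexOf(ch);
    if (v < 0) return null; // character outside the alphabet
    acc = (acc << 5) | v; bits += 5;
    if (bits >= 8) { bits -= 8; bytes.push((acc >> bits) & 255); acc &= (1 << bits) - 1; }
  }
  return Buffer.from(bytes);
}

// Vendor side: BASE32(CONCAT(DATA, SIGN(HASH(DATA)))), SHA-256 as the hash.
function issueLicense(data, privateKey) {
  const payload = Buffer.from(data, "utf8");
  const sig = crypto.sign("sha256", payload, { key: privateKey, dsaEncoding: "ieee-p1363" });
  return base32Encode(Buffer.concat([payload, sig]));
}

// Product side: needs only the public key; returns DATA, or null if invalid.
function verifyLicense(licenseKey, publicKey) {
  const raw = base32Decode(licenseKey);
  if (!raw || raw.length <= SIG_LEN) return null;
  const payload = raw.subarray(0, raw.length - SIG_LEN);
  const sig = raw.subarray(raw.length - SIG_LEN);
  const ok = crypto.verify("sha256", payload, { key: publicKey, dsaEncoding: "ieee-p1363" }, sig);
  return ok ? payload.toString("utf8") : null;
}

// Constructed demo: a throwaway key pair and made-up license data.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const demoKey = issueLicense("PRODUCT=DEMO;SEATS=1", privateKey);
```

With P-256 the signature alone is 64 bytes, which is 103 base32 characters before any license data is added, so the key-length concern raised above still applies to this choice of curve.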
