2

I want to use RSA to protect license files in an application. The idea is as follows:

  1. Create a license file (plaintext).
  2. Create an RSA-keypair.
  3. Use the public key to encrypt the license file.
  4. Put the private key in the binary of the application.
  5. The application can then decode the license file and start running.

The thing is that I have to ship the private key with my application. Is that a problem if I keep the public key secret?

If not, what other good (enough) schemes exist to create a license-file system?

Bart Friederichs
  • 33,050
  • 15
  • 95
  • 195

1 Answers1

5

It is possible to recover a public key from a private key, so having the private key embedded in the application would be as good as publishing both the private and public keys in cleartext (modulo the effort of hacking the private key out of the binary).

Many people resort to obfuscation in these situations. Other solutions would be a hardware token, network authentication, or an off-the-shelf license management system.

This might provide some ideas about how other people are using public-key cryptography to create license file systems: http://www.codeproject.com/Articles/203840/RSA-License-Protection

Gian
  • 13,735
  • 44
  • 51
  • I was thinking. Perhaps digital signing could work better? ... (edit: I should read first, that seems to be what you propose in that link ;-P) – Bart Friederichs Jul 10 '12 at 12:43
  • Yep, that would certainly be another good solution. I think the RSA scheme in the link would survive at least casual attempts to circumvent it. – Gian Jul 10 '12 at 12:45