2

I am using C# and have a key the users enters to activate my program. I do not want the user to be able to see the key once it is entered. Do you have any recommendations for how/where to store it?

fbrereto
  • 35,429
  • 19
  • 126
  • 178
Armen Khachatryan
  • 831
  • 3
  • 22
  • 37
  • where to save kay? i do not want that user see that key – Armen Khachatryan Sep 01 '09 at 06:01
  • 2
    What key? What program? “Activation”? You don’t make any sense. Please give more detail about what it is you are trying to do, what you already have done, and what exactly you have problems with. – Bombe Sep 01 '09 at 06:04
  • Bombe I have activation form from my program, now i do not know where to save that activation key,(when program run checks that activation key). – Armen Khachatryan Sep 01 '09 at 06:07
  • Instead of giving these as comments please edit your question with these points to make it clear. – rahul Sep 01 '09 at 06:08
  • Guys, I think he means the product key which the users use it to activate the application. – Shoban Sep 01 '09 at 06:17

5 Answers5

5

You can save the key as a seperate file. Encrypt the key and save it. So even if the user tries to tamper with it then you can deactivate the application.

You might be interested in this project in codeplex: http://licenser.codeplex.com/

Edit : Some questions for you to check.

  1. Where should I store my activation key

  2. Best way to generate activation codes for software?

  3. Best activation key software for .NET application?

Community
  • 1
  • 1
Shoban
  • 22,920
  • 8
  • 63
  • 107
  • very thanks, you understand me, yeeeeeeeeee:) it is ok, and is not way to save that key IN program? (not seperate file) – Armen Khachatryan Sep 01 '09 at 06:20
  • Why not store it in a seperate file? – Shoban Sep 01 '09 at 06:34
  • Thats is why I asked to enrypt ;-) . Thats the easiest way than storing it in the exe. – Shoban Sep 01 '09 at 06:43
  • More over.. Everytime when the application starts you can check this file and see if the key is valid if not deactivate again. – Shoban Sep 01 '09 at 06:44
  • Encrypting is useless, because now you've just moved your problem to where to store the key for that encryption algorithm. – Noon Silk Sep 01 '09 at 06:54
  • I recommend not to check the key at startup, but at random time intervals. This is a lot more painful for the user cheating you. If you're a bastard, you may shutdown the application without saving anything. – Scoregraphic Sep 01 '09 at 07:06
  • @silky .. Oh yeah ;-) @Armen, Check out the codeplex project I mentioned. It has some machine specific key as well i think. – Shoban Sep 01 '09 at 07:14
0

You can certainly store a key in the resource of an Excutable, its quite long procedure, there are couple of APIs available like OpenResource, GetResourceData and UpdateResource, resources are not accessible easily unless you have visual studio tools installed.

But you cant modify the resources of the executable that is currently running, but you can create different activation program that can load your main executable, modify resource and save it.

Akash Kava
  • 39,066
  • 20
  • 121
  • 167
  • "But you cant modify the resources of the executable" I want write key to that file:( – Armen Khachatryan Sep 01 '09 at 06:33
  • I wonder what prevents the user from copying the file to another pc after it has been "branded" ? Or are you planning to add some MAC address or other hardware information in the file besides the key? – AndersK Sep 01 '09 at 06:59
0

Assuming a Windows machine is running your application, you can also use the registry to store your encrypted key (maybe MD5?).

That way it is not in a "file" that can be viewed by the user (although it can be viewed/changed/deleted by the user).
In my opinion users (standard ones...) tend not to look in the registry - you can hide your key there.

Actually, @Shoban's first link where-should-i-store-my-applications-activation-key has more discussion on this issue - you should read it...

Community
  • 1
  • 1
Dror
  • 7,255
  • 3
  • 38
  • 44
0

I know it's more like for cryptographic keys - but what about windows key container?

Arnis Lapsa
  • 45,880
  • 29
  • 115
  • 195
0

Forget about trying to obscure where you save the license key - you won't be able to stop determined users, and you'll only piss off sysadmins if you try to store license information in "strange" places. Forget everything about trying to store in your running executable, it's hard to do in a foolproof way, and will trigger a lot of antivirus software.

If you want something that's tamper-resistant, go for one of the commercial solutions; sorry if this sounds harsh, but you're not going to come up with anything that's even remotely difficult to break, considering you're asking a question like this.

snemarch
  • 4,958
  • 26
  • 38