2

Possible Duplicate:
License for C# desktop application

I want to make my program lock after some days of trial use and if a user purchase a license, can use the program for some months.

I dont know a way to do this. An idea is to make a local temp key when the program is installed, and lock it after the days passed(the problem here is that user can change date and time of his computer.. the philosophy of the program is to be used online and offline, so i cant compare dates from my server to the computer).

And the other thing is, how to make a license service. I can generate lots of serial keys and then when a user pays i can give him a serial, and every time the program starts i can check if the serial is in my web service.

Am i in a good road?? Any suggestions?

Community
  • 1
  • 1
ddarellis
  • 3,912
  • 3
  • 25
  • 53
  • Para 2 - used online and office. Para 3 - check if the serial is in my web service. I see an issue there... – David M Jan 18 '12 at 09:23

2 Answers2

2

If this application is written in C# and you want to write your own licencing functionality, you will first need to obfuscate the executable before it is deployed. This is to stop people reading your CIL code (stored in the .exe) with a disassembler.

To licence the software you will want to choose an encryption method. For such encryption a symmetric method is essentially equivalent to an asymmetric method (as you have to provide the key in any case). The encryption method can be chosen using 

public enum EncryptionAlgorithm { Des = 1, Rc2, Rijndael, TripleDes };

for each of the methods and their details, see Wikipedia. The Rijndael encryption algorithm has been designed to replace the aging DES algorithm. Like DES, it is a block cipher. It uses 128-bit, 192-bit or 256-bit keys and is a good choice. In the following I will assume that you will not be storing the encryption key in the code (hard coded) but supply it in a separate file (a ‘product key’); so you will supply two licence files the product key to enable decryption and the encrypted licence file.

Once you have chosen an encryption method, it is common-place to come up with a hash or algorithm to work on the product key/initialisation vector (IV); you take a 128-bit key (for example) and scramble it using some method/transform. The key (that is randomly/pseudo-randomly generated for each user you deploy the software to) is then used to generate the IV.

You then use the 'random' key, the IV and the selected encryption method to encrypt some licence text (that includes licence dates). 

internal ICryptoTransform GetCryptoServiceProvider(byte[] bK, byte[] iVec){ ... }

To decrypt the file using your method you essentially perform the reverse process. One thing to note about licencing, is that you should not spend too much time worrying about people cracking the software. Make it very hard using a method like the above, but don't invest too much time coming up with an ever increasingly complex methodology because if some (admittedly very talented) hacker wants to crack your code it is likely he will. Moreover, you have to assume the user will not break the law and share licence files! I cannot comment from experience on using an external company to run the licencing of your code (I have always written my own), however it is likely to be an expensive option.

I hope this is of some help.

MoonKnight
  • 23,214
  • 40
  • 145
  • 277
  • 1
    *for each of the methods and their details, see Wikipedia* Top advice, considering it's blacked out. – ta.speot.is Jan 18 '12 at 10:21
  • 1
    @Killercam I +1'd your answer btw as its better than my offering. I'd be interested to hear your thoughts on this related question: http://stackoverflow.com/questions/8682525/licensing-wpf-silverlight-and-wp7-assemblies . For desktop apps I'd be happy to use a third party licensing solution, however I have a requirement for a cross-platform WPF SL and WP7 licensed component. Best regards, – Dr. Andrew Burnett-Thompson Jan 18 '12 at 11:56
  • 1
    @Dr.AndrewBurnett-Thompson. I have replied to your post. I hope it is of some help. Note, the method described I have used with success. It was developed after a period of extensive reseach in to how best to deploy our own applications. All the best. – MoonKnight Jan 18 '12 at 12:40
  • "(as you have to provide the key in any case)" Symmetric encryption is definitely not equivalent to asymmetric in a licensing situation. For example signing a license file using RSA (asymmetric) means the public key only is included with your software (to verify the signature). The corresponding private key is used to generate the signature, is nver included with the software. This is the whole point of signing something. On the other hand including a symmetric algorithm key in your software (which you must to decrypt anything) renders the encryption almost pointless. – Ash Oct 18 '12 at 00:03
  • Agreed. As you know, the public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. BUT - how do you propose that the private key is provided to the user in order to decrypt the licence file in a non-web-enabled application?? You have to provide it, this is what makes it equivelant to a symmetric method in this case. – MoonKnight Oct 18 '12 at 09:04
1

Although it highly depends on your exact requirements, target technology (Winforms, WPF, Silverlight etc...) I would suggest using a third party licensing component such as Quick License Manager, Licensing Pro dotNet.

While rolling your own solution is going to be cheaper, the possibility of it being cracked or circumvented is much higher. To use a third party solution means you have an external team or company dedicated to keeping the licensing model secure and more reliable.

Best regards,

Dr. Andrew Burnett-Thompson
  • 20,980
  • 8
  • 88
  • 178
  • Using a third party solution means crackers have already faced the "protection" before, and can re-use their knowledge to break your application much faster :) – snemarch Jan 18 '12 at 10:22
  • @snemarch wise - also a point to consider. I suppose it depends on how good your roll-your-own solution is! – Dr. Andrew Burnett-Thompson Jan 18 '12 at 10:23
  • I think the crucial thing when deploying your own solution is the hash/transform of the 'product key'. Product key provided to code -> some complex hash/transform -> decryption using transformed key. Even with obfuscation using .NET it may be relatively straightforward for an experience hacker to establish the encryption/decryption algorithm used from the CIL. However, using an obscure mathematical hash/transform to manipulate the key before it is used is a powerful part to the process and extends areas of the code which need work arounds/hacks. – MoonKnight Jan 18 '12 at 11:40