Infralution Support Forum Index Infralution Support
Support groups for Infralution products
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

private key?

 
Post new topic   Reply to topic    Infralution Support Forum Index -> Licensing Support
View previous topic :: View next topic  
Author Message
Guest






PostPosted: Mon Feb 20, 2006 10:58 pm    Post subject: private key? Reply with quote

It appears that the licensing library use public/private key encryption (asymmetrical) as I see it uses RSA encryption in the code. If it uses asymmetrical encryption, where is the private key? We wouldn't want to distribute the private key with the application code, right? So, I'm wondering how to go about keeping the private key private.

I don't completely understand the whole encryption world and examining your code to figure it all out would take me a long time. So, perhaps I just don't understand how your library works.
Back to top
Infralution



Joined: 28 Feb 2005
Posts: 5027

PostPosted: Tue Feb 21, 2006 8:39 am    Post subject: Reply with quote

Mmm I am hoping that you are a paid up customer - otherwise you shouldn't be looking at the code. Using a decompiler would definitely be a breach of the license you accepted Shocked

We do use public key encryption. The public key used to validate the license keys is in the license parameters XML you paste into your application. The private key never leaves the safety of you computer where it is generated by the license key generator from the password you provide.
_________________
Infralution Support
Back to top
View user's profile Send private message Visit poster's website
Guest






PostPosted: Tue Feb 21, 2006 3:56 pm    Post subject: Reply with quote

Yes, I'm a paying customer. No worries. Smile

I originally set it up using the trial version. I guess I don't recall exactly what I did to set it up. Perhaps I should have checked it out some more to refresh my memory before I posted. However, I am now at my "day job" and thus do not have access to my projects right now.

Basically, what I have been setting up is I created my own "licensing" module that I wanted to be able to reuse in all my projects. I currently have it setup so it can create license keys (instead of using the key generator program) as well as verify keys. I mainly want this because my system will be totally automated. My website will generate keys and email them to the user.

I recently purchased the product and received the souce code so I was just going about adding the code into my "licensing module" so I no longer have to use your DLL.

This got me to thinking...since I can use this module to generate keys, it must have the private key in the code.

Perhaps I am just doing something wrong. I haven't actually implemented this yet, I'm still working on developing it.

I'm now figuring the "private key" must be what is being generated when I call "GenerateLicenseParameters" with a password, right?

Hmm..if that is true, then I am probably not implementing this correctly. Basically, what I am doing is I have a method in my class that I use to generate a new key for me. In this method, I call the "GenerateLicenseParameters" using a unique password depending on the application I'm generating a key for. I use this to set the parameters of the EncryptedLicenseProvider and call GenerateKey to create my new key.

I also have a method to validate the key. I again do a GenerateLicenseParameters and use that value to set the parameters of the EncryptedLicenseProvider. I then call the ValidateLicenseKey method to validate the key.

I may be missing some steps in the above descriptions as I don't have access to my code at the moment. But, that's basically what I'm doing.

So, it now seems to me I must be doing something wrong here. I just downloaded the trial version again here at my "day job" and I see if I used the same password with the "Key Generator" program, I get a different XML key each time. So, I'm not thinking that my above procedure won't work as each time I call "GenerateLicenseParameters", I will get a different key even though my password is the same. Is this correct?

So, it seems what I really need to do is only call "GenerateLicenseParameters" once for each application, right? Or, maybe just once for all my applications - basically one key for the entire company. I then need to protect that key and only use it in applications "in house" to generate they keys.

Ok, writing all this out really has helped me. I think I now understand how this should work and what I'm doing wrong. Please let me know if I'm not on the right track.

Sorry for the stream of consciousness thoughts above. I just wrote things out as they occurred to me. Smile

Thanks,
Mark
Back to top
Guest






PostPosted: Tue Feb 21, 2006 4:02 pm    Post subject: Reply with quote

Ok, I was just looking into this some more and I'm still unsure about this. I was thinking the XML code generated by the "GenerateLicenseParameters" routine was the private key. But, then, where is the public key I need to use the validate the license keys?
Back to top
Infralution



Joined: 28 Feb 2005
Posts: 5027

PostPosted: Tue Feb 21, 2006 9:54 pm    Post subject: Reply with quote

The XML contains the public key. In essence you generate a new private key/public key pair each time you call GenerateParameters. The private key is used to encrypt your password. The public key can then be used validate that keys were generated with your password. So you never actually need to use or store the private key. You only need to call GenerateLicenseParameters once (probably from the License Key Generator or License Tracker). If you call it multiple times you will get a new private key/public key pair - but if you haven't changed your password the new parameters will still validate your license keys. We would recommend that you have a different password for each product that you license for maximum security.
_________________
Infralution Support
Back to top
View user's profile Send private message Visit poster's website
Guest






PostPosted: Tue Feb 21, 2006 11:54 pm    Post subject: Reply with quote

Hmm...ok, I'm still confused a bit.

Do I ever see the private key?

If somebody else using the Infralution library uses the same password as I, would license keys generated with it pass validation in my programs? That is, could those keys be used with my program?
Back to top
Infralution



Joined: 28 Feb 2005
Posts: 5027

PostPosted: Wed Feb 22, 2006 12:02 am    Post subject: Reply with quote

No you never see the private key.

Yes if someone knows your password they could generate your keys - so make your password unguessable and reasonably long
_________________
Infralution Support
Back to top
View user's profile Send private message Visit poster's website
Guest






PostPosted: Wed Feb 22, 2006 2:25 am    Post subject: Reply with quote

Ok, I think I understand now.

Thanks!
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Infralution Support Forum Index -> Licensing Support All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group