View previous topic :: View next topic |
Author |
Message |
Guest
|
Posted: Mon Feb 20, 2006 10:58 pm Post subject: private key? |
|
|
It appears that the licensing library use public/private key encryption (asymmetrical) as I see it uses RSA encryption in the code. If it uses asymmetrical encryption, where is the private key? We wouldn't want to distribute the private key with the application code, right? So, I'm wondering how to go about keeping the private key private.
I don't completely understand the whole encryption world and examining your code to figure it all out would take me a long time. So, perhaps I just don't understand how your library works. |
|
Back to top |
|
|
Infralution
Joined: 28 Feb 2005 Posts: 5027
|
Posted: Tue Feb 21, 2006 8:39 am Post subject: |
|
|
Mmm I am hoping that you are a paid up customer - otherwise you shouldn't be looking at the code. Using a decompiler would definitely be a breach of the license you accepted
We do use public key encryption. The public key used to validate the license keys is in the license parameters XML you paste into your application. The private key never leaves the safety of you computer where it is generated by the license key generator from the password you provide. _________________ Infralution Support |
|
Back to top |
|
|
Guest
|
Posted: Tue Feb 21, 2006 3:56 pm Post subject: |
|
|
Yes, I'm a paying customer. No worries.
I originally set it up using the trial version. I guess I don't recall exactly what I did to set it up. Perhaps I should have checked it out some more to refresh my memory before I posted. However, I am now at my "day job" and thus do not have access to my projects right now.
Basically, what I have been setting up is I created my own "licensing" module that I wanted to be able to reuse in all my projects. I currently have it setup so it can create license keys (instead of using the key generator program) as well as verify keys. I mainly want this because my system will be totally automated. My website will generate keys and email them to the user.
I recently purchased the product and received the souce code so I was just going about adding the code into my "licensing module" so I no longer have to use your DLL.
This got me to thinking...since I can use this module to generate keys, it must have the private key in the code.
Perhaps I am just doing something wrong. I haven't actually implemented this yet, I'm still working on developing it.
I'm now figuring the "private key" must be what is being generated when I call "GenerateLicenseParameters" with a password, right?
Hmm..if that is true, then I am probably not implementing this correctly. Basically, what I am doing is I have a method in my class that I use to generate a new key for me. In this method, I call the "GenerateLicenseParameters" using a unique password depending on the application I'm generating a key for. I use this to set the parameters of the EncryptedLicenseProvider and call GenerateKey to create my new key.
I also have a method to validate the key. I again do a GenerateLicenseParameters and use that value to set the parameters of the EncryptedLicenseProvider. I then call the ValidateLicenseKey method to validate the key.
I may be missing some steps in the above descriptions as I don't have access to my code at the moment. But, that's basically what I'm doing.
So, it now seems to me I must be doing something wrong here. I just downloaded the trial version again here at my "day job" and I see if I used the same password with the "Key Generator" program, I get a different XML key each time. So, I'm not thinking that my above procedure won't work as each time I call "GenerateLicenseParameters", I will get a different key even though my password is the same. Is this correct?
So, it seems what I really need to do is only call "GenerateLicenseParameters" once for each application, right? Or, maybe just once for all my applications - basically one key for the entire company. I then need to protect that key and only use it in applications "in house" to generate they keys.
Ok, writing all this out really has helped me. I think I now understand how this should work and what I'm doing wrong. Please let me know if I'm not on the right track.
Sorry for the stream of consciousness thoughts above. I just wrote things out as they occurred to me.
Thanks,
Mark |
|
Back to top |
|
|
Guest
|
Posted: Tue Feb 21, 2006 4:02 pm Post subject: |
|
|
Ok, I was just looking into this some more and I'm still unsure about this. I was thinking the XML code generated by the "GenerateLicenseParameters" routine was the private key. But, then, where is the public key I need to use the validate the license keys? |
|
Back to top |
|
|
Infralution
Joined: 28 Feb 2005 Posts: 5027
|
Posted: Tue Feb 21, 2006 9:54 pm Post subject: |
|
|
The XML contains the public key. In essence you generate a new private key/public key pair each time you call GenerateParameters. The private key is used to encrypt your password. The public key can then be used validate that keys were generated with your password. So you never actually need to use or store the private key. You only need to call GenerateLicenseParameters once (probably from the License Key Generator or License Tracker). If you call it multiple times you will get a new private key/public key pair - but if you haven't changed your password the new parameters will still validate your license keys. We would recommend that you have a different password for each product that you license for maximum security. _________________ Infralution Support |
|
Back to top |
|
|
Guest
|
Posted: Tue Feb 21, 2006 11:54 pm Post subject: |
|
|
Hmm...ok, I'm still confused a bit.
Do I ever see the private key?
If somebody else using the Infralution library uses the same password as I, would license keys generated with it pass validation in my programs? That is, could those keys be used with my program? |
|
Back to top |
|
|
Infralution
Joined: 28 Feb 2005 Posts: 5027
|
Posted: Wed Feb 22, 2006 12:02 am Post subject: |
|
|
No you never see the private key.
Yes if someone knows your password they could generate your keys - so make your password unguessable and reasonably long _________________ Infralution Support |
|
Back to top |
|
|
Guest
|
Posted: Wed Feb 22, 2006 2:25 am Post subject: |
|
|
Ok, I think I understand now.
Thanks! |
|
Back to top |
|
|
|