I am using C# and have a key the users enters to activate my program. I do not want the user to be able to see the key once it is entered. Do you have any recommendations for how/where to store it?
+5
A:
You can save the key as a seperate file. Encrypt the key and save it. So even if the user tries to tamper with it then you can deactivate the application.
You might be interested in this project in codeplex: http://licenser.codeplex.com/
Edit : Some questions for you to check.
Shoban
2009-09-01 06:15:30
very thanks, you understand me, yeeeeeeeeee:) it is ok, and is not way to save that key IN program? (not seperate file)
Armen Khachatryan
2009-09-01 06:20:37
Why not store it in a seperate file?
Shoban
2009-09-01 06:34:25
user easyly can see it
Armen Khachatryan
2009-09-01 06:41:18
Thats is why I asked to enrypt ;-) . Thats the easiest way than storing it in the exe.
Shoban
2009-09-01 06:43:43
More over.. Everytime when the application starts you can check this file and see if the key is valid if not deactivate again.
Shoban
2009-09-01 06:44:17
Encrypting is useless, because now you've just moved your problem to where to store the key for that encryption algorithm.
Noon Silk
2009-09-01 06:54:03
I recommend not to check the key at startup, but at random time intervals. This is a lot more painful for the user cheating you. If you're a bastard, you may shutdown the application without saving anything.
Scoregraphic
2009-09-01 07:06:53
@silky .. Oh yeah ;-) @Armen, Check out the codeplex project I mentioned. It has some machine specific key as well i think.
Shoban
2009-09-01 07:14:13
A:
You can certainly store a key in the resource of an Excutable, its quite long procedure, there are couple of APIs available like OpenResource, GetResourceData and UpdateResource, resources are not accessible easily unless you have visual studio tools installed.
But you cant modify the resources of the executable that is currently running, but you can create different activation program that can load your main executable, modify resource and save it.
Akash Kava
2009-09-01 06:26:37
"But you cant modify the resources of the executable"I want write key to that file:(
Armen Khachatryan
2009-09-01 06:33:52
I wonder what prevents the user from copying the file to another pc after it has been "branded" ? Or are you planning to add some MAC address or other hardware information in the file besides the key?
Anders K.
2009-09-01 06:59:52
A:
Assuming a Windows machine is running your application, you can also use the registry to store your encrypted key (maybe MD5?).
That way it is not in a "file" that can be viewed by the user (although it can be viewed/changed/deleted by the user).
In my opinion users (standard ones...) tend not to look in the registry - you can hide your key there.
Actually, @Shoban's first link where-should-i-store-my-applications-activation-key has more discussion on this issue - you should read it...
Dror
2009-09-01 06:43:32
A:
I know it's more like for cryptographic keys - but what about windows key container?
Arnis L.
2009-09-01 06:59:43
+1
A:
Forget about trying to obscure where you save the license key - you won't be able to stop determined users, and you'll only piss off sysadmins if you try to store license information in "strange" places. Forget everything about trying to store in your running executable, it's hard to do in a foolproof way, and will trigger a lot of antivirus software.
If you want something that's tamper-resistant, go for one of the commercial solutions; sorry if this sounds harsh, but you're not going to come up with anything that's even remotely difficult to break, considering you're asking a question like this.
snemarch
2009-09-01 07:21:04