This is just to keep honest customer honest.
views:
291answers:
7
+4
A:
Why don't you just get one from someone else. If you are only willing to put one day in, you aren't going to get a good product.
James Deville
2009-11-12 06:07:17
Well, I was always curious as to how the pro do it so this could be a good chance to learn.
Seymour Cakes
2009-11-12 15:58:32
If the pro decide to write such solution on his own he will spend more than 1 day.
Dmitriy Matveev
2009-11-13 06:09:25
+1
A:
A license key won't stop the customer from installing you software several times unless the key is tied to a hash of the server name etc.
Daniel
2009-11-12 06:08:09
Best not to get into a DRM argument here, i point you to my compilation of reasons why DRM is wrong: http://superuser.com/questions/14224/how-to-explain-drm-cannot-work/14764#14764 That's not to say that you shouldn't protect your program at all, just that more drm - more pain for legitimate users. A license key is usually enough to stop your software from being blatantly pirated.
RCIX
2009-11-12 06:16:42
+1
A:
If you need just pseudo code (what lang / platform ?) You can take the computer MAC address (which suppose to be unique) and build a function that combine it some other computer parameters - and make sure you validate it each time the apps run against your own DB, keeping the user's email in that row.
if anything changes - the software will not work, but the user can request a new key - with the same mail - then you can revoke the old key and give him a new one.
Dani
2009-11-12 06:13:34
What happens if the user changes their mobo or other pertinent param - Not really a good idea, i don't want to have to get a new license key when i upgrade my computer. and what happens if someone else requests a license key with your email? hmm?
RCIX
2009-11-12 06:20:48
A. I don't really beleive in license keys, but it you care enough to use them, then, yes, when the user upgrades his hardware - it is a problem (microsoft had this problem with vista licensing - you will need to reactivate vista if you change MB or sometimes even a Video board), If you only send the license to the email requested - and revoke old license when a new request arrives, the email owner - who is the original owner of the license will have no problems. but you are right that there is a lot to consider when taking this road.
Dani
2009-11-12 07:24:02
correction to the comment. The original owner will have to re-issue a license request.
Dani
2009-11-12 07:25:01
+1
A:
Put the capabilities of the product (number of users, Host IP, date of expiration, whatever) in a plain text file. Sign the file with a public key, then check the signature at runtime.
If they're motivated they can decompile the code, yank out the checks or whatever, but it'll deter tampering, and it'll look all nice and official.
Will Hartung
2009-11-12 06:14:46
Host IP doesn't seem a good parameter, laptops change it twice a day at the very least.
ZJR
2009-11-12 06:17:23
+1
A:
Simplest license generator: An ini file with a seeded checksum, which contains customer name and info about which modules are enabled. It will be quite easy to break for a hacker, but for non-hacker, it's safe. The name must be visible in output from the app that is shown in public, so that other potential customers cannot use the license file.
Lars D
2009-11-12 06:26:28
+2
A:
There's no way you can do a good job in a day and chances are the overall effect will be negative. It'll annoy your loyal and honest customers and it won't stop dishonest ones.
Instead, spend that day in coming up with a way to measure somehow how much piracy your product is getting. Once you know this, you can estimate how much money you are losing and how much effort you really should put into protection or other approaches.
If you still want to do it though, the easiest way is to collect some data unique for the installation (OS user name, email address, CPU/motherboard serial number - whatever you want to tie it to), ask the user to send it to you and generate a license key by encrypting it with your private key. Your software should collect the same pieces of data, decrypt the license with your public key and compare the two blobs.
Franci Penov
2009-11-12 06:28:54
+2
A:
Is there are any operation system limitations? I think following approach will be quite simple:
Choose a way of getting machine id. For example this can be MachineGuid registry entry in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography. (Generating a unique machine id)
Define features which are you planning to licence and the way to identify them. You can just name them. If your product is simple it can be a feature itself.
Create public/private key pair.
Retrieve customer's machine id in some way. You can ask him to send it manually or you can create a simple utility or it can be a special command in your application.
Combine feature id and machine id in some way and sign result with your private key. For example you can make that combination by concatenation. In that case result string may look like this: "YourApplicationName-12345678-9abc-def0-1234-56789abcdef0"
Signature will be a sequence of bytes, so if you want to pass it in text form you should make some conversion to it. For example you can convert signature to base64 string. The combination of feature id, machine id and signature of their combination will be a licence key!
Include public key in your application distribution and add logic for licence verification. If licence is valid then you should check that it's being used on correct machine and in correct application.
More on public/private key operations here.
Please tell if something is unclear and I will try to provide detailed answer.
EDIT: I'm sure that implementation of all of this can be done in 1 day, but I agree with others who suggest you to use existing solutions. There are plenty for different platforms and programming languages.
Dmitriy Matveev
2009-11-12 06:37:59