After the user enters his / her license key, my application activates itself with that key (online). How do I store this activated state and the license key so that the next time the user opens the app, the app will know that it is already activated?

A: 

You can either use NSUserDefaults or a system of your own devising.

Azeem.Butt
+1  A: 

I've decided to use NSKeyedArchiver because it keeps the data encoded, so it's harder to manually access and change sensitive data like the license key and activated state.

Chetan
You might be interested in http://www.cocoadev.com/index.pl?MAKeyedArchiver
RCIX
That looks useful. I'll try that. I used this tutorial to write the license key and activation information to a file in the user's Application Data folder: http://cocoadevcentral.com/articles/000084.php
Chetan
+2  A: 

I suggest making the key dependent on a user-specific thing, i.e. email or full name, or perhaps a machine-specific ID if necessary. Then you can store it in NSUserDefaults or a plain dot-named file in the user's home directory, without needing to encrypt it or add some crazy obfuscation. There will be piracy, be sure about it; I believe these are people who would never pay for anything anyway, so you do not actually lose anything. Making the key dependent on a user-specific thing makes the user a little more resistant to sharing it.

About piracy. How far do you think they can go? I made a small tool that worked fine without paying anything. But as a treat for those who would like to support the effort in creating it, I added a small feature to change the color of the graphs in it for only $5. Well, what did they do? Someone actually reverse engineered the key and they created a keymaker. I admit I didn't put too much effort into obfuscating the algorithm, but hey, I focused more on making it easy for all real nice users to input than on making life hard for any cracker. I'm more happy that they thought my little app was worth the effort to reverse engineer the key for.

epatel
+2  A: 

I just wrote the user's license key and matching email to a file in "~/Library/Application Support/MyApplication/License.myApplicationlicense". I think this is better than using NSUserDefaults because the user will expect to be able to toss their prefs without having anything dramatic happen, like having to re-register their application.

The file is just the contents of an NSDictionary written using writeToFile:atomically: and read using dictionaryWithContentsOfFile:. The contents are not encrypted, but that is typically not important, depending on how your license scheme works.

I would also suggest you take a look at AquaticPrime if you have not done so already. I decided to roll my own license scheme because I wanted license codes and not license files. In the end I feel I would have been better off sticking to AquaticPrime which is much more cryptographically secure than my own license scheme. When I had been using AquaticPrime during my beta I stored the license file in the same location mentioned above.

Jon Steinmetz
That's exactly what I did, except I used NSKeyedArchiver to encode the data instead of NSDictionary. It adds an extra level of security. As for AquaticPrime, see this: http://toxicsoftware.com/aquaticprime-warning/
Chetan
It should be pointed out that what is described here is a binary crack to the software. Defending against binary cracks is something that no one has yet solved given that even the iPhone app encryption has been cracked. So you need to decide what you want to accomplish. I propose that you want to keep honest people honest and have a license key generation system that will keep someone from making their own license generator for your app. AquaticPrime accomplishes this with a few caveats. You should compile the code in and obfuscate the public key and methods.
Jon Steinmetz
+7  A: 

Apple provides a comprehensive facility for this kind of requirement. What you want is the Keychain API.

NSResponder
+1 this is the correct answer. Any sensitive data should be stored in the Keychain. I'd call a user's license key "sensitive" because if they lose it, it's gone.
Dave DeLong
But I have never seen any software application store its license key in the Keychain. If the user loses the license key, they should have it saved in their email or they should be able to contact customer support. Even the Keychain data can be lost, same as the data in the user's home folder.
Chetan
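
The Keychain approach suggested in the answer above, as an added example that is not code from any poster in this thread: the license key is stored as a generic-password item and read back at launch. The service and account strings, the function names and the sample key are assumptions made up for illustration.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Assumed identifiers; use your own bundle-style service name.
static NSString *const kLicenseService = @"com.example.MyApplication";
static NSString *const kLicenseAccount = @"license-key";

// Attributes that identify the single Keychain item holding the license.
static NSDictionary *LicenseQuery(void) {
    return @{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
              (__bridge id)kSecAttrService: kLicenseService,
              (__bridge id)kSecAttrAccount: kLicenseAccount };
}

// Returns YES if the key was added, or an existing item was updated.
static BOOL StoreLicenseKey(NSString *key) {
    NSData *data = [key dataUsingEncoding:NSUTF8StringEncoding];
    NSMutableDictionary *item = [LicenseQuery() mutableCopy];
    item[(__bridge id)kSecValueData] = data;
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)item, NULL);
    if (status == errSecDuplicateItem) {
        // An item already exists for this service/account: replace its data.
        NSDictionary *update = @{ (__bridge id)kSecValueData: data };
        status = SecItemUpdate((__bridge CFDictionaryRef)LicenseQuery(),
                               (__bridge CFDictionaryRef)update);
    }
    return status == errSecSuccess;
}

// Returns the stored key, or nil if no item exists or the read failed.
static NSString *LoadLicenseKey(void) {
    NSMutableDictionary *query = [LicenseQuery() mutableCopy];
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess || result == NULL) return nil;
    NSData *data = (__bridge_transfer NSData *)result;  // ARC takes ownership
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}

int main(void) {
    @autoreleasepool {
        // Constructed sample value, not a real license key.
        if (StoreLicenseKey(@"AAAA-BBBB-CCCC-DDDD")) {
            NSLog(@"license present at launch: %d", LoadLicenseKey() != nil);
        }
    }
    return 0;
}
```

Link against the Foundation and Security frameworks. On later launches the app should run the loaded key through its normal license check rather than treat the item's presence as proof of activation.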