I'm trying out Rijndael to generate an encrypted license string to use for our new software, so we know that our customers are using the same number of apps that they paid for. I'm doing two things:

  1. Getting the user's computer name.

  2. Adding a random number between 100 and 1000000000.

I then combine the two, and use that as the license number (this probably will change in the final version, but I'm just doing something simple for demonstration purposes).

Here is some sample codez:

    ' At the top of the form's source file:
    Imports System.IO
    Imports System.Security.Cryptography

    Private Sub Main_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Dim generator As New Random
        Dim randomValue As Integer = generator.Next(100, 1000000000)

        ' Create a new Rijndael object to generate a key
        ' and initialization vector (IV).
        Dim RijndaelAlg As Rijndael = Rijndael.Create()

        ' Create a string to encrypt: computer name followed by the random number.
        Dim sData As String = My.Computer.Name & randomValue.ToString()
        Dim FileName As String = "C:\key.txt"

        ' Encrypt text to a file using the file name, key, and IV.
        EncryptTextToFile(sData, FileName, RijndaelAlg.Key, RijndaelAlg.IV)

        ' Decrypt the text from a file using the file name, key, and IV.
        ' The key and IV exist only in this RijndaelAlg instance; they are not saved anywhere.
        Dim Final As String = DecryptTextFromFile(FileName, RijndaelAlg.Key, RijndaelAlg.IV)

        txtDecrypted.Text = Final
    End Sub

That's my load event, but here is where the magic happens:

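    Sub EncryptTextToFile(ByVal Data As String, ByVal FileName As String, ByVal Key() As Byte, ByVal IV() As Byte)
        ' FileMode.Create truncates an existing file, so no stale ciphertext
        ' is left behind the new data (OpenOrCreate would not truncate).
        Using fStream As FileStream = File.Open(FileName, FileMode.Create)
            Using RijndaelAlg As Rijndael = Rijndael.Create()
                ' Everything written to cStream is encrypted with Key and IV
                ' before it reaches the file stream.
                Using cStream As New CryptoStream(fStream, _
                                                  RijndaelAlg.CreateEncryptor(Key, IV), _
                                                  CryptoStreamMode.Write)
                    Using sWriter As New StreamWriter(cStream)
                        sWriter.WriteLine(Data)
                    End Using
                End Using
            End Using
        End Using
    End Sub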

There are a couple of things I don't understand. What if someone reads the text file and recognizes that it is Rijndael, and writes a VB or C# app that decrypts it? I don't really understand all of this code, so if you guys can help me out I will love you all forever.

Thanks in advance

+1  A: 

The method EncryptTextToFile just encrypts a string using the CryptoStream class and RijndaelManaged algorithm. There are other algorithms like TripleDES that can also be used.

Well, there will always be ways by which people will decrypt your code. One thing you can do is to store the key (Rijndael) in the registry or save it in a database the first time the application is installed.

Aseem Gautam
Well, what's the point of encrypting it, if people can just decrypt it later? Is TripleDES a better option?
broke
No, it isn't. The point of encrypting is that 95% of the users won't bother decrypting it. The remaining 5% we should not be really worried about. Anyway, they won't pay for your software.
Aseem Gautam
+1  A: 

There are a few issues, which may be down to me not understanding what you're hoping to do. How do you plan to use the encrypted value (which contains a random number) for example?

I suspect though that you're making it more complicated than it needs to be, and you may want to store a hashed string on the user's computer instead. A hash is (by definition) one way, i.e. it can't be decrypted.

Edit:

OK, sticking to your question: the way it is now, you don't seem to be storing the encryption key. So decrypting it later is going to be pretty impossible. Decrypting is only possible if you know the key, so the user will be in the same predicament: can't decrypt without the key. I'd say that's pretty secure, but you might have a bit of an issue using the value!

PaulG
I haven't decided how I'm going to use it yet, I just want it to be safe.
broke
How do I store an encryption key?
broke
+2  A: 

You have stumbled on a very basic problem: It's easy enough to encrypt some data, but how do you transfer the key?

You can take a look at asymmetric encryption (RSA), you could add a signature similar to that of signed assemblies.

A very top-level description:

  1. You generate a key pair (public and private key) one time. Keep the private key secret.
  2. You get the UserName, hash it and encrypt the hash with the private key.
  3. You send the encrypted hash (signature) to the customer as part of your license file.
  4. Your program uses the (embedded) public key to decode the signature.
  5. Your program hashes the local Username and compares it with the decoded version.
  6. Your program decides if it is licensed or not and acts accordingly.

The hashing is used to limit the number of bytes to encrypt. For Username you can substitute any data you need (i.e. Username + EndDate).

Henk Holterman
Okay, so for example if I set my key to something like "omg" then only people with the "omg" key can decrypt it, right?
broke
Hmmm a bit confusing, but I'll do some more research. Thanks for the advice though!
broke
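
The sign-and-verify flow from Henk Holterman's steps 1 to 6, as an added example that is not part of the original thread. It assumes .NET Framework 4.6 or later; the module and function names, the in-process key generation and the sample license strings are constructed for illustration.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

' Added example: names and sample data are hypothetical, not from the thread.
Module LicenseSignatureExample

    ' Vendor side (steps 2-3): runs only where the private key lives,
    ' never inside the shipped application.
    Function SignLicense(licenseData As String, privateKey As RSAParameters) As Byte()
        Using signer As New RSACryptoServiceProvider()
            signer.ImportParameters(privateKey)
            ' SignData hashes the data with SHA-256 and signs the hash in one call.
            Return signer.SignData(Encoding.UTF8.GetBytes(licenseData),
                                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
        End Using
    End Function

    ' Customer side (steps 4-6): the application embeds only the public key,
    ' which can verify a signature but cannot create one.
    Function IsLicenseValid(licenseData As String, signature As Byte(),
                            publicKey As RSAParameters) As Boolean
        Using verifier As New RSACryptoServiceProvider()
            verifier.ImportParameters(publicKey)
            Return verifier.VerifyData(Encoding.UTF8.GetBytes(licenseData), signature,
                                       HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
        End Using
    End Function

    Sub Main()
        Dim privateKey, publicKey As RSAParameters
        ' Step 1: generate the key pair once (done in-process here only for the demo).
        Using keyPair As New RSACryptoServiceProvider(2048)
            privateKey = keyPair.ExportParameters(True)
            publicKey = keyPair.ExportParameters(False)
        End Using

        ' Constructed sample license data: computer name plus an end date.
        Dim licensed As String = "DEMO-PC|2030-12-31"
        Dim signature As Byte() = SignLicense(licensed, privateKey)

        ' Case 1: unmodified license data checked against its own signature.
        Console.WriteLine(IsLicenseValid(licensed, signature, publicKey))
        ' Case 2: same signature presented for a different computer name.
        Console.WriteLine(IsLicenseValid("OTHER-PC|2030-12-31", signature, publicKey))
        ' Case 3: same signature presented with an edited end date.
        Console.WriteLine(IsLicenseValid("DEMO-PC|2099-12-31", signature, publicKey))
    End Sub
End Module
```

The application would build the first argument of `IsLicenseValid` from local values such as `My.Computer.Name` rather than reading it from the license file, so a license file copied to another machine fails verification.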