views:

731

answers:

5

Hi there,

I'm implementing a small application in C, which I would like to sell as shareware for a reasonable price later on. It will start of with a 30-day trial, which I am already quite certain of how to implement it.

The problem I have, though, is that I am not quite sure how to implement the product key verification. What I have in mind is that the customer can sign up on my webpage (after trying the product for a while), pay for the product, and get a product key in the form of aaaaa-bbbbb-ccccc-ddddd-eeeee via e-mail (or maybe available via his profile on my website). No problem so far. He/She then drops the key in the appropriate key fields in my app and boom the app is registered.

From what I could gather so far, people either recommend AES or RSA for this. To be honest, I in another direction in college (not cryptography) and the one cryptography class I took was some time ago. But from what I remember, AES is a symmetric encryption algorithm, which would mean that I would only have one key for encryption and decryption, right? How could I then generate thousands of product keys and still validate them in my app (which by the way won't require internet access....so no checking back with a server)?

So I guess RSA would be the way to go? But doesn't RSA produce pretty long keys (at least longer than the required 25 characters from above)?

In another thread I read that some products won't even use encryption for the product key generation/verification, but instead just employ some checks like "add the 2. and the 17. character and that should total to x".

What's the fastest, easiest and most secure way to go here? :-) Code samples would be sugar!

Regards,

Sebastian

P.S.: Oh...and please don't tell me how my key can and will be cracked at some point.....I know about that, which is primarily why I don't want to spend a lot of time with this issue, but at the same time not make it too easy for the occasional cracker.

+1  A: 

Life is simpler if you simply purchase a solution.

http://www.kagi.com/kagisolutions/index.php

Kagi allows you to collect payments and they help you manage the keys.

S.Lott
nope, sorry, not an option. Estimated price of the app is 4.99€ and Kagi's fees are to high for a product in that price range.
Sebastian
A: 

A guy has blogged about how he handled the question of registration numbers. One of his blog entries is Generating Unique Registration Numbers.

mouviciel
A: 

Yes, RSA and AES are two very different things:

  • RSA is public key cryptography, involving a public key and a private key, and is fairly slow. The primary use is to set up a secure exchange of a symmetric encryption session key.
  • AES is symmetric encryption, which is fast and secure.

Since your app does not communicate over public channels and the use of cryptography is limited to product activation/registration you'll want to go with a symmetric cipher. The benefits of public key ciphers is in key management, which you will be handling on your web site or through email.

Note that you do not have to distribute the same key for every customer. You could generate a hash of some of the registration info and XOR it with something else (a fixed session key, perhaps). Send that to the customer, and the program could generate the same hash and XOR will the key you sent to produce the original fixed key.

Dealing with cryptography is not something to be done lightly. As you mention, you expect this to be cracked. If you're doing your own this will almost certainly happen. You can still use your own implementation to "keep honest people honest," but realize that's as far as you'll get. If you need something stronger then you should purchase a solution after doing thorough research on the solutions.

dwc
A: 

You can check out this Code Project article. It describes an implementation of a a software key based on the MAC address of the machine where the software is executed. The method is not ideal, as the auteur himself admits, and it is a little bit different from what you are looking for, but maybe it can help you.

Dani van der Meer
+10  A: 

Symmetric algorithms are limited, in that any novice cracker with a disassembler can find your key (or the algorithm used to generate one) and make a "keygen".

For this reason, asymmetric cryptology is the way to go. The basic premise is something like this:

  • When the user purchases a license from you, you collect certain identifying details about the user and/or their environment (typically, this is just a full name; sometimes a company, too).
  • You make a 128-bit MD5 hash of this information.
  • Using a 128-bit Elliptic Curve crypto, encrypt this hash using the private key on the server.
  • The 128-bit cipher text can be represented to the user as a 25-character string consisting of letters and digits (plus separating dashes for readability). Notice that 26 letters + 10 digits = 36 discreet values, and that 36^25 > 2^128.
  • The user types this product key into your registration dialog. The client software converts it back to a 128-bit number (16 bytes), decrypts that using the public key of your EC crypto, and compares the result to an MD5 hash of the user's personal information, which must match what was used for registration.

This is just the basic idea, of course. For more details and source code, see Product Keys Based on Elliptic Curve Cryptography.

P Daddy
thanks a lot for the infos. Suppose that I cannot use EEC for some reason....RSA wouldn't lend itself for the 25-character key method, because RSA keys have a min length of 1024 bits, right?
Sebastian
RSA *can* be only 384 bits, but that's still too long for a user-entered key. Even if you differentiated upper- and lower-case (yielding 62 discreet characters), you'd have to have a 65-length key. And RSA at 384 bits is *very* weak, so your private key would likely be compromised anyway.
P Daddy
I see a free implementation of ECC here: http://www.codeproject.com/KB/security/Elliptic_Curves.aspx. I haven't checked to see how good it is. A little digging would surely turn up others. Here's one that's pretty cheap: http://ellipter.com/.
P Daddy
thx! looks good, but unfortunately my key generator runs in ruby and there doesn't seem to be any library out there that supports ECC :-( Guess I have to go for license files (containing the strong 4k-bit RSA cypher) after all :-(
Sebastian
Could your Ruby code not interface with a C module that handled the encryption?
P Daddy
You are right. That is an option as well :-)
Sebastian
Just like a user can find a symmetric key with a disassembler, they can patch your binary to replace the public key used to verify the license information (with one from a key pair they generated themselves). Use whatever is simplest, because if someone wants to break your copy protection, they will. And you don't want to have invested too much effort in it.
erickson
@erickson: I agree that a determined cracker will create a patch if they can't create a keygen, and that no copy protection is secure. However, there are varying degrees of risk. Cracks come in three basic flavors: serials, keygens, and patches/patched binaries. Users far prefer the first, because they don't have to download code. Keygens are fairly easy to virus scan, and patches are the scariest. Patches are also least likely to work after a minor update to the software. If your app requires a patch, that's the best technical security you're going to get.
P Daddy
Yes, I agree. That is a good point: a patch (create by someone who, presumably, is a thief at best) is (or should be) very scary to users.
erickson
Unfortunately the linked article "Product Keys Based on Elliptic Curve Cryptography" has been deleted from CodeProject. Does anybody still have it? I tried archive.org but it doesn't load the sole old version found.
Marc