I have an XML file describing the name of the company the product is licensed for, the version and some extra information.
Looking something like this:
<Licence>
<Name>sdfsdf</Name>
<Version>1.2.1.1</Version>
<NumberOfServer>4</NumberOfServer>
</Licence>
I then sign this file using a private key and get:
<Licence>
<Name>sdfsdf</Name>
<Version>1.2.1.1</Version>
<NumberOfServer>4</NumberOfServer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>M368eFB9ydifttSxX26sB6XiPV4=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>TTYP6d+zESn6/2PtL5ikN+7E9u8Njm32vYVyVANC5U0EGLBwS//3yPjUoBx3glJXHClzPQBQEUi0LJNauTFvo1IBYwLjAuaYGtleti4IXpjrQCVaIudETSv5Z7oB8+C/+nsqsC26fXf9vWxvaKXJJzcep88r0wIfVe31HSd18FU=</SignatureValue>
</Signature>
</Licence>
I then ship the public key in the application and read the file to make sure they have the right version and "NumberOfServers" that the license key is for.
What are the downsides of this approach?
Thanks
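
An added example, not part of the original post: a structural pre-check for the signed licence layout shown above, confirming that the one `Signature` sits directly under `Licence`, that its single `Reference` has `URI=""` with only the enveloped-signature transform, and that values are read only from the signed root. The function name `audit_licence` and the placeholder digest and signature values are assumptions; checking `SignatureValue` against the shipped public key is left to an XML-DSig library.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"
SHA1_ALGS = {DS + "rsa-sha1", DS + "sha1"}  # algorithm URIs used in the post

# Constructed sample in the post's layout; digest and signature are placeholders.
SAMPLE = f"""<Licence><Name>sdfsdf</Name><Version>1.2.1.1</Version>
<NumberOfServer>4</NumberOfServer>
<Signature xmlns="{DS}"><SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="{DS}rsa-sha1"/>
<Reference URI=""><Transforms><Transform Algorithm="{ENVELOPED}"/></Transforms>
<DigestMethod Algorithm="{DS}sha1"/><DigestValue>PLACEHOLDER</DigestValue></Reference>
</SignedInfo><SignatureValue>PLACEHOLDER</SignatureValue></Signature></Licence>"""

def audit_licence(xml_text):
    """Return (fields, findings). Structural checks only: SignatureValue must
    still be verified by an XML-DSig library with the shipped public key."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTDs are not accepted in licence files")
    root = ET.fromstring(xml_text)
    findings = []
    if root.tag != "Licence":
        findings.append("root element is not Licence")
    # Exactly one Signature in the document, as a direct child of the root.
    sig_tag = f"{{{DS}}}Signature"
    sigs = root.findall(sig_tag)
    if len(sigs) != 1 or len(root.findall(f".//{sig_tag}")) != 1:
        findings.append("expected exactly one Signature directly under Licence")
        return {}, findings
    refs = sigs[0].findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    # URI="" covers the whole document; any other target signs less than is read.
    if len(refs) != 1 or refs[0].get("URI") != "":
        findings.append('signature needs a single Reference with URI=""')
    else:
        transforms = [t.get("Algorithm") for t in refs[0].iter(f"{{{DS}}}Transform")]
        if transforms != [ENVELOPED]:
            findings.append("only the enveloped-signature transform is allowed")
    for el in sigs[0].iter():
        if el.get("Algorithm") in SHA1_ALGS:
            findings.append("SHA-1 based " + el.tag.rpartition("}")[2])
    # Read licence values only from direct children of the signed root.
    fields = {c.tag: (c.text or "") for c in root if c.tag != sig_tag}
    return fields, findings
```

An empty findings list means only that the signature's shape matches what the application expects; the licence is trusted only after the signature itself verifies.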