we use a signed XML license file. It's a simple XML file, that displays what the user has purchased.
The nice thing about this is that it's future compat. You can easily add a product feature, or product line, expiration dates, and feature attributes.
It's easy for our commerce site to create and package licenses on demand, just be sure your private keys never get out. The pros outway the cons here for us, and the biggest problem we can't circumvent, is simply coping the license file.
here is a sample xml file
<?xml version="1.0" encoding="utf-8"?>
<ProductName>
<License>
<LicenseId>20025fb9-5349-46d4-a530-55b0295beaaa</LicenseId>
<CustomerName>[email protected]</CustomerName>
<MajorVersion>2008</MajorVersion>
<Product>Friendly Display Name</Product>
<ProductType>Enterprise</ProductType>
<Features>
<!--Add features here-->
</Features>
<Expires>0001-01-01T00:00:00</Expires>
</License>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>u3{..........}U2jo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>QFg1kI{...............}DwDIE=</SignatureValue>
</Signature>
</ProductName>
And we use simple .NET built in API's to do the XML signing, and confirmation that it is singed and valid.
Things I like ...
.. It's easy to read. (for tech support)
.. It's easy to replace
.. Easy to store, in the files system, or in our case, the database, for easy access into and out of the UI. (we have an in place update/upgrade system)
.. it's easy to upgrade. We have a service that takes your old license, and after validation, offers upgrade pricing based on what's already been purchased. Then the commerce system logs the old and new license files for reference.
Things I don't like ...
.. Could be copied, stolen easily