views:

266

answers:

2

I have made an application in java. Now I want to deliver it to several clients. I want that each client must purchase a serial key to use that software. Without that key, the software shouldn't be run just like other softwares in the market.

How can I do that?

I know that I can't protect it fully. I just want a simple serial key functionality so that it would be hard for non-technical persons and novice programmers to crack the security.

+1  A: 

I've mentioned EasyLicencer (that provides a decent level of protection against reverse engineering) in a previous answer. You'll find some other options in the discussion. For an open source solution, have a look at TrueLicense Library Collection but it might require more work on your side.

Pascal Thivent
+4  A: 

There are off-the-shelf libraries available. (A quick Google search turned up a product called JLicense, for example.) But it's not difficult and also more flexible to implement your own mechanism. One simple approach would be to compute the SHA-1 hash of the customer name plus some hard-coded salt. Encode the result as alphanumeric characters and you've got yourself a license key. Now, when someone goes to install your product, ask for their customer name and the license key. Recompute the hash and compare it to the customer key the user gave you to authenticate the key.

That's just one simple example. There's all kinds of things you can do including encrypting some data and storing it in the key (e.g. an expiration date or subset of unlocked features). You can make it as simple or complicated as you like.

Bear in mind, though, that any solution you come up with can be reverse-engineered by someone with enough skill and motivation, unless you use some kind of distributed authentication system. This is arguably easier to achieve in Java than with native compiled languages like C or C++. Obfuscating the code can help.

Rob H
Is the JLicense distributed authentication system. Can it be reverse-engineered by someone.
Yatendra Goel