[Please note: This article originally appeared on sentientfood.com 2-Feb-2005.]
After the initial publication of the article, feedback came my way indicating there were some problems with the scheme that made it fairly easy to crack. “Fairly easy” is a relative term, of course, and it depends on the skill and the desire of the person doing the cracking and any counter-measures that the developer adds on top of the vanilla code available on this site. That being said, some of the points brought up were definitely valid.
Here are some tips, tricks, and approaches to improve the overall security of the licensing scheme.
[Please note this article originally appeared on sentientfood.com 15-Jan-2005. It has been updated to make links current for the new publishing system, where necessary.]
Be sure to read the 2-Feb-2005 update to this article.
For small software developers, especially shareware developers, creating and managing software license keys can be a real hassle. Most solutions require significant investment in commercial software or in hardware dongles. The freely (or cheaply) available solutions tend to be complicated or incomplete. This article describes what will be, for many, a complete license solution. It is suitable for all types of software, and since most of the sources are included, it is open for inspection/review prior to incorporation.
This article also alludes to (in places) and directly describes (in others) a service built around the concepts presented here. This service brings license management into an affordable realm for even the smallest of development organizations. Relevant information is scattered throughout the article and more details are available at the end, or you can just go straight to the service.
What has gone before
First things first – acknowlegement of the originator of this idea (or at least the concepts this code is derived from) is in order. The article “Using OpenSSL for license keys” from the site SIGPIPE 13 was the most cogent source of information found when the author of this article was researching licensing solutions for his own use.
Without the foundation established by that article, this one (and the functionality it provides) would not exist. Please read that article for more detailed background on the reasoning behind some some of the approaches implemented here. It should be noted that there are no connections between the previous author and this one and the previous author should not be held accountable for any errors in this article.