J
JJ
I am getting my head around encryption. Maybe someone can comment on my
approach here - be gentle.
I have written a forms app that I want tied to particular machines. I have
formulated a 'request number' based on the windows serial number and some
other info on that machine.
The user would then send me the request number and I'd encrypt it, and send
back a authorisation number. The user would then type this into the app, the
app would then use the same encryption algorythm to decrypt the
authorisation number and check it against the original request number to
check they match. If they do, the app would be registered for normal use.
My puzzle was how to store the encryption key for the symmetric encryption.
If stored in the application code, it could be reverese engineered, if
stored anywhere else someone could equally track where the program is
writing to, right?
So, I wondered if this would work:
Instead of using symmetric, use asymmetric (Public-Private key). I would
place the public key in the Program Code and keep the private key to myself.
The user sends me their 'request number' I then use the private key to
encrypt the number and produce an authorisation number that I'd send back to
the user. When the user types the authorisation code in, the app uses the
matching public key to decrypt the authorisation code and check if the
request number and authorisation number correspond. If so, the application
is registered.
(I'm using VB2003, .net1.1 - I know .net 2.0 has some improvements when it
comes to key storage/encryption, but unfortunately I am not able to update
yet.)
JJ
approach here - be gentle.
I have written a forms app that I want tied to particular machines. I have
formulated a 'request number' based on the windows serial number and some
other info on that machine.
The user would then send me the request number and I'd encrypt it, and send
back a authorisation number. The user would then type this into the app, the
app would then use the same encryption algorythm to decrypt the
authorisation number and check it against the original request number to
check they match. If they do, the app would be registered for normal use.
My puzzle was how to store the encryption key for the symmetric encryption.
If stored in the application code, it could be reverese engineered, if
stored anywhere else someone could equally track where the program is
writing to, right?
So, I wondered if this would work:
Instead of using symmetric, use asymmetric (Public-Private key). I would
place the public key in the Program Code and keep the private key to myself.
The user sends me their 'request number' I then use the private key to
encrypt the number and produce an authorisation number that I'd send back to
the user. When the user types the authorisation code in, the app uses the
matching public key to decrypt the authorisation code and check if the
request number and authorisation number correspond. If so, the application
is registered.
(I'm using VB2003, .net1.1 - I know .net 2.0 has some improvements when it
comes to key storage/encryption, but unfortunately I am not able to update
yet.)
JJ