Secure LicenseProvider?

Ludwig · Dec 7, 2007

Hi,

I have successfully tried to use my own LicenseProvider; and have
implemented licensing for a class: if the licensefile for a class
exists and a certain Guid is in it, then de class gets a Licence and
can be used by the host app.

However, it's not very secure - the Guid can be viewed by reflection
or by decompiling. Even if I encrypt it, the key can be reverse-
engineered.

Is there a secure way I can implement a LicenceProvider, or is
obfuscation the only way to somewhat protect the assembly?

Thanks!

Ludwig · Dec 7, 2007

Hi,

I have successfully tried to use my own LicenseProvider; and have
implemented licensing for a class: if the licensefile for a class
exists and a certain Guid is in it, then de class gets a Licence and
can be used by the host app.

However, it's not very secure - the Guid can be viewed by reflection
or by decompiling. Even if I encrypt it, the key can be reverse-
engineered.

Is there a secure way I can implement a LicenceProvider, or is
obfuscation the only way to somewhat protect the assembly?

Thanks!

Question: is it possible to encrypt a string using a private key and
decrypt it using a public key??

Peter Bromberg [C# MVP] · Dec 7, 2007

RSA is asymmetric, e.g. it uses a private and a public key.
-- Peter
http://www.eggheadcafe.com
http://petesbloggerama.blogspot.com
http://www.blogmetafinder.com

Ludwig · Dec 8, 2007

RSA is asymmetric, e.g. it uses a private and a public key.
-- Peterhttp://www.eggheadcafe.comhttp://petesbloggerama.blogspot.comhttp://www.blogmetafinder.com

- Tekst uit oorspronkelijk bericht weergeven -

Yes, but I mean encrypting with a private key and decrypting with a
public key.

John Vottero · Dec 8, 2007

Ludwig said:
Hi,

I have successfully tried to use my own LicenseProvider; and have
implemented licensing for a class: if the licensefile for a class
exists and a certain Guid is in it, then de class gets a Licence and
can be used by the host app.

However, it's not very secure - the Guid can be viewed by reflection
or by decompiling. Even if I encrypt it, the key can be reverse-
engineered.

Is there a secure way I can implement a LicenceProvider, or is
obfuscation the only way to somewhat protect the assembly?

This might help:

http://www.codeproject.com/KB/security/xmldsiglic.aspx

LicenseProvider	5	Jan 29, 2004
LicenseManager	1	Jun 14, 2006
Component Licensing Question	1	Sep 26, 2006
delegates for selecting between two, or more, classes	2	May 6, 2014
Prevent Reflection of Private Members	3	Feb 9, 2010
obfuscation & reflection	7	Jan 4, 2005
translate dll/tlb (for Excel as client) from VB.net to C#	1	Nov 23, 2009
Licensing question	1	Sep 20, 2005

Secure LicenseProvider?

Ludwig

Ludwig

Peter Bromberg [C# MVP]

Ludwig

John Vottero

Ask a Question

Similar Threads