Generating licence key & expiry date from C/C++

[Dave]

Hi,

Can anyone suggest a way to generate a licence key from C/C++ program?
I want to create a licence file include an encrypted text and an expiry
date. The private key is hard coded in the program which will be used to
encrypt and decrypt the licence key from the licence text file.
With RSA, I want to hardcode a plain text as a private key in the C/C++
program, and store a signed public-key (the licence key - also include
an expiry date) in the licence file.
Can I use RSA private-public key pair to handle this task?

Thanks
D

 

[Dave]

Hi,

Can anyone suggest a way to generate a licence key from C/C++ program?
I want to create a licence file include an encrypted text and an expiry
date. The private key is hard coded in the program which will be used to
encrypt and decrypt the licence key from the licence text file.
With RSA, I want to hardcode a plain text as a private key in the C/C++
program, and store a signed public-key (the licence key - also include
an expiry date) in the licence file.
Can I use RSA private-public key pair to handle this task?

It seems that this similar to store MD5 encrypted password in a text
file, the user need to enter a plain-text passowrd to authenticate with
the decrypted password from the file. In this sense, the password is
similar to the private key as hardcoded in the C/C++ program.

 

[Kai-Uwe Bux]

Hi,

Can anyone suggest a way to generate a licence key from C/C++ program?
I want to create a licence file include an encrypted text and an expiry
date. The private key is hard coded in the program which will be used to
encrypt and decrypt the licence key from the licence text file.
With RSA, I want to hardcode a plain text as a private key in the C/C++
program, and store a signed public-key (the licence key - also include
an expiry date) in the licence file.
Can I use RSA private-public key pair to handle this task?

Thanks
D

This is not really C++ specific and therefore off topic here. However, here
are my two cents:

Yes, RSA seems appropriate: You could generate *two* RSA public/private key
pairs, one for you and one for the program. Your public key and the private
key of the program go hardcoded into the program. Keep your private key and
the public key of the program to yourself. You will use them to create
license files. Now, the program and you are Alice and Bob in a signed
message echance scheme where the license file is the signed message.

The program will use its private key to decrypt the license file and it
will use your public key to verify the signature.

Note that since you hardcode the keys into your program, they are known to
any attacker. However, an attacker who wants to forge a license file will
need your private key.

There is however a cracking attack: An attacker can replace the hardcoded
keys within the binary by keys of his own and use the corresponding keys to
fake license files. I think this kind of attack can in principle always be
mounted: even if you include some safeguard like checking a hashcode of the
public key before using it, those hashcodes can also be replaced. All you
can do, as far as I can see, is to drive up the costs of an attack.


Best

Kai-Uwe Bux