Nice article on serial numbers

Just stumbled across a neat (and, admittedly, old) article that explains how to use the OpenSSL library from code as a way of implementing licensing for an application you write.

OpenSSL keys aren't quite suitable for use as serial numbers (because a 1024-bit key is 128 characters long, and users wouldn't want to type that), but if you have a license URL scheme or a license file implementation, they'll do just fine. You just use your private key to encrypt some data about the license (i.e. user name, number of seats, expiration date), and the app can extract that using the public key. And factoring a private 1024-bit key currently still takes too long to be worthwhile.

This doesn't make your app un-crackable, but will keep key generators off the web. People will need binary patches to remove the licensing code or replace the public key. And whoever is stupid enough to use a binary patch from some shady web site is punished enough already, because they prolly also have lots of viruses and exploits on their machine anyway...

Reader Comments: (RSS Feed)

Kishor Patel writes: Great pointer. Thanks very much.

Comment on this article: Name: E-Mail: (not shown, hashed for Gravatar) Web Site URL: (optional) Comment: (plain text only) Please Enter the following word:

Or E-Mail Uli privately.