An effective method for encrypting a license file?

Question

For a web application, I would like to create a simple but effective licensing system. In C#, this is a little difficult, since my decryption method could be viewed by anyone wi

Answer 1

When you implement your signing / verification code, be careful not to put it in a separate assembly. Code Access Security tamper-proofing is now very easy to bypass, as explained in the article CAS Tamper-Proofing is Broken: Consequences for Software Licensing.

Obligatory disclaimer & plug: the company I co-founded produces the OffByZero Cobalt licensing solution.

Answer 2

It appears that the MSDN Samples use default parameters and this results in machine- specific signing such that you cannot sign on one machine and verify on an arbitrary other machine. I modified the logic in those samples to use the keys in my snk on the signing machine and keys from my assembly in the verifying machine. This was done using the logic from the MSDN sample and routines in the (very nicely done) ExcryptionUtils.cs sample linked above.

For signing the file, I used this:

RSACryptoServiceProvider rsaKey = EncryptionUtils.GetRSAFromSnkFile(keyFilePath);

For verifying the file, I used this:

RSACryptoServiceProvider rsaKey = EncryptionUtils.GetPublicKeyFromAssembly
   (System.Reflection.Assembly.GetExecutingAssembly());

BTW: I observed that the XML signature verification ignores XML comments.

Answer 3

or perhaps you want to tie a license to a particular machine, for example by generating the license key based on the md5 value of the c drive of the pc. then your license would be machine specific.