Need Licence Key Generator (For Java Product)

R

Ravi Shankar

Dear all,

Can anyone suggest some of the state of the art, best tools for license key
generator?

We are releasing a product, so that we would like to generate license keys,
for evaluation, permanent, high availability etc, thanks

Open source also welcome, prefer proven tools,

Please advise, thanks

Regards,
Ravi
 
G

Guest

Dear all,

Can anyone suggest some of the state of the art, best tools for license
key generator?

We are releasing a product, so that we would like to generate license
keys, for evaluation, permanent, high availability etc, thanks

Open source also welcome, prefer proven tools,

Please advise, thanks

Regards,
Ravi

To generate:

Generate a random Initializing Vector (iv).
Serialize your license data (data).
Calculate a hash of iv + data.
return base64_encode( iv + Encrypt (data + hash) )

To verify:

blob = base64_decrypt( input )
remove the iv from the front of blob
decrypt the rest of blob (leaving only license data).
remove hash from the end
calculate the correct hash of iv + data.
If the real hash doesn't match the hash sent in, it's not a valid license.
deserialize the license data and verify it to your heart's desire.

HTH,
La'ie Techie
 
M

M van Leeuwen

"Decompile the invoking class, remove the verification, compile
the new class and add it back to the jar."

Unless you have some method of _inline_ code in a lot of methods
to do a complex validation of a string from the license data,
use a tool that does something more.

You could try for example



http://freshmeat.net/projects/licensemanager

http://www.agilis-sw.com/ezlm/



But mostly the entrypoint to the licensemanager is vunerable.

With decompilers you can remove those calls from the software.

Obfuscators make it a lot harder, but not impossible.



I haven't seen any products inserting bytecode to prevent this

weakness. Please inform me if you do (pryxan at yahoo).
I also like to have any code which does not decompile or
decompiles to unreadable and unusable code.


Regards,
Michael.

=?UTF-8?b?TMSByrtpZSBUZWNoaWU=?=
 
J

Jesper Nordenberg

L??ie Techie said:
To generate:

Generate a random Initializing Vector (iv).
Serialize your license data (data).
Calculate a hash of iv + data.
return base64_encode( iv + Encrypt (data + hash) )

To verify:

blob = base64_decrypt( input )
remove the iv from the front of blob
decrypt the rest of blob (leaving only license data).
remove hash from the end
calculate the correct hash of iv + data.
If the real hash doesn't match the hash sent in, it's not a valid license.
deserialize the license data and verify it to your heart's desire.

Note that if a symmetric cipher is used this would be a very bad
license algorithm as the key must be included in the licensed software
and could thus easily be used to create valid licenses (no
modifications to the software would be required). An asymmetric cipher
like RSA where the private key is kept secret would be a better
option. However, it's still very easy to modify the software to accept
any license key as valid.

/Jesper Nordenberg
 
R

Ravi Shankar

Hi all,

Thanks for all suggestions and valuable advises. Will try RSA with a private
key, thanks

Regards,
ravi
 
Joined
Jan 30, 2010
Messages
1
Reaction score
0
Another alternative is BeeSoft Abeona at beesoft.eu/products/abeona.

It is license generator for java. License is not simple key, but standard properties file protected by MD5 checksum and RSA cryptography.

But you will need more programming to customize this library for your needs.

Maybe you find it useful.

Eugen
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top