如何保护加密密钥 [英] How to secure cryptography keys
问题描述
我有一个将被各种用户使用的应用程序,当用户开始使用该应用程序时,它将在安装它的位置生成一个许可文件(加密),并且每次应用程序运行时它将解密文件,将根据验证结果验证所有参数并更新其中的一些参数,并将加密更新的文件。
这是一个真正的问题,给予痛苦,每一个应用程序运行的时间需要加密密钥(AES)来加密和解密,密钥在我的.NET dll中是硬编码的。因此,用户可以提取密钥并更改许可证参数以运行应用程序。
所以我关心的是如何保护文件不被篡改?有什么方法可以将一些重要的许可证参数放在其他位置,而不是将其保存在文件中?如何确保加密密钥的安全和安全免受欺诈活动的影响?申请是完全离线的。
请给我你宝贵的建议和见解。
提前致谢
I have an application which will be used by various users, when user will start using the application it will generate one license file(encrypted) at the location where it is getting installed, and for each time application runs it will decrypt the file, will validate all parameters and update few of them according to the result of validation and will encrypt the updated file.
Here is one real problem giving pain, that every time the application runs it needs encryption keys(AES) to encrypt and decrypt, and the key is hard-coded within my .NET dll. so there is a possibility that user can extract the key and change the license parameters to run the application.
So my concern is how to protect the file from being tampered? Is there any way that i can put few of important license parameters some other location instead of keeping it in file? How to keep the encryption keys secure and safe from fraudulent activities? Application is in purely offline.
Kindly give me your valuable suggestion and insights.
Thanks in advance
推荐答案
简单:不加密。如果你没有加密,就没有密钥,所以无法回复。
相反,使用Hashing - SHA很好 - 它将你从PC收集的许可证信息转换为然后,您将与存储的值进行比较的特定代码。
密钥足够长(随机看起来足够),无法弄清楚它应该用于不同的计算机。和我?我用一堆随机的东西加密看看我的代码忽略了,还有一个标题DES-3512让他们试图解密未加密的数据......
Simple: don't encrypt. If you don't encrypt, there is no key, so no way to work back.
Instead, use Hashing - SHA is good - it converts the "licence info" you collect from the PC into a specific code which you then compare against the stored value.
The key is long enough (and random looking enough) to be impossible to work out what it should be for a different computer. And me? I'd make it look encrypted with a pile of random stuff which my code ignored, and a header saying "DES-3512" to get them trying to decrypt unencrypted data...
As您可能已经注意到,大多数制造商使用以下架构/流程进行许可:
1)用户获得通用安装程序,其中没有任何许可证持有者相关信息。他/她安装了应用程序。
2)在单独的捆绑应用程序中和/或单独的应用程序中有一个代码,它检索系统特定的信息,如OriginalGriff所写的那些(请看这里: 如何获取硬件信息(CPU ID,MainBoard Info,硬盘序列号,系统信息,......) [ ^ ])
3)现在您有多种方法可以将此数据发送给您(任何或所有)。
3a)在线 - 但你说它是离线的
3b)通过网页:你准备一个包含这些信息的文件(加密或实际上没有区别,但是应该定义一个结构,例如可以是XML),用户将它保存到pendrive,然后将它上传到你的服务器上的在线机器
3c)您根据该信息制作一个10-20个字符长的机器特定哈希,并且可以在您的在线网站上手动输入
3d)3b-3c但是您要求用户将信息发送到你通过电子邮件
4)你向你获得的信息添加一些固定数据(盐)并生成哈希。这个哈希是许可证代码本身。
5)你在你或用户选择的频道上发回这个哈希值
6)如果是3b-3c,你需要要求用户在您的应用程序中输入许可证代码,并将其存储在注册表中。在3a的情况下,这可以自动完成。
7)在应用程序启动时,您再次收集所有信息,添加相同的盐,生成哈希值并进行比较。如果匹配,许可证是有效的。
8)如果有一个expiracy,你应该将它存储在注册表中并且在你身边,但是在生成和验证哈希时,你必须添加那也是。
[更新:]
您可以使用PKI添加更高级别的保护,但不能真正用作手动可输入代码。
9)生成一个publik密钥 - 私钥对。将公钥添加到代码中,并为您保留私有代码。
10)生成许可证代码时,使用您的私钥进行签名,并附上签名(您可以合并为一个结构化文件)
11)阅读许可证代码时,首先使用代码中的公钥验证附加的签名。如果验证失败,则无需进一步检查。
[更新2:]
您不能委托您提供实际的职责许可证到链的另一端。因此,如果您的意图永远不会以任何形式与被许可人进行互动,那么这是没有意义的。即使您可以保护文件不被篡改,您的假设的起点也是错误的:用户可以使用原始安装程序将您的应用程序安装为他想要的许多不同系统。并且这不能仅按时完成,在首次安装后不能销毁自身及其所有副本。
As you might have noticed, most of the manufacturers use the following architecture/flow for licensing:
1) User gets a generic installer, without any licensee related information within. He/she installs the application.
2) There is a code within and/or in a separate bundled application, that retrieves the system specific information like the ones OriginalGriff has written about (have a look here: How To Get Hardware Information (CPU ID, MainBoard Info, Hard Disk Serial, System Information , ...)[^])
3) Now you have several ways to send send this data to you (any or all).
3a) Online - but you say it is offline
3b) Via a web page: you prepare a file with those information (either encrypted or not actually makes no difference, but should have defined a structure, can be an XML for example), the user saves it to a pendrive, and uploads it to your server on an online machine
3c) You make a 10-20 character long machine specific hash from that information, and which can be manually entered on your online site
3d) 3b-3c but you ask the user to send the info to you by email
4) You add some fixed data (salt) to the information you got and generate a hash. This hash is the license code itself.
5) You send this hash back on the channel of your or user's choice
6) In case of 3b-3c you need to ask the user to enter the license code in your application, and you store it in the registry. In case of 3a this can be done automatically.
7) On application start, you gather again all info, add the same salt, generate the hash, and compare. If matches, the license is valid.
8) If there is an expiracy, you should store it separetely in the registry and on your side also, but when generating and validating the hash, you have to add that too.
[Update:]
You can add a higher level of protection using PKI, but won't really be usable as manually enterable code.
9) Generate a publik key-private key pair. Add the public key to teh code, and keep the private code for you.
10) When generating the license code, sign it with your private key, and attach the signature (you can combine in a single structured file)
11) When reading the license code, validate the attached signature first using the public key in your code. If the validation fails, no need to check further.
[Update 2:]
You can not delegate your duty to provide the actual license to the other end of the chain. So if your intention was never to interact in any form with the licensee, than that has no sense. Even if you can protect the file from being tampered, the starting point of your assumtion is wrong: the user can use the original installer to install your application as many different systems as he wants. And that can't be made on-time only, that one can't destroy itself and all it's copies after first installation.
I担心你已施加限制(离线),导致你的问题得到你不能的回答。您的问题引起了我的兴趣,并且由于对互联网资源的广泛搜索,我现在得出结论,您需要承认使用在线服务来实现目的。
I fear that you have imposed a restriction (offline) that causes your question to be answered by "you can't". Your question intrigued me and as a result of a rather extensive search of Internet sources, I have now concluded that you need to admit the use of an online service to achieve your ends.
特别感兴趣的是为您的应用添加许可 [ ^ ]。我意识到这个引用直接适用于某类移动应用程序的开发;但是,我相信您可以修改参考文献的内容以满足您的需求。
Of particular interest is Adding Licensing to Your App[^]. I realize that this reference applies directly to the development of a certain class of mobile applications; however, I believe that you can modify the reference's contents to meet your needs.
还有另一个选项,即购买许可方案的许可证。
There is another option and that is to purchase a license for a licensing scheme.
对不起,我无法提供进一步的帮助。祝你好运。
Sorry I can't be of further help. Good luck.
这篇关于如何保护加密密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
