是否可以为我的电子应用程序创建产品密钥? [英] Is it possible to create product keys for my electron application?
问题描述
我想构建一个桌面应用程序并能够发布产品密钥或序列号.在用户可以使用该应用程序之前,他将被要求输入产品密钥/序列号.
I want to build a desktop application and be able to publish product keys or serial numbers.Before the user can use the application he will be requested to enter the product key/serial number.
在提供 XXXX-XXXX-XXXX-XXXX 等键时类似于 Microsoft Office
Similar to Microsoft Office when they provide keys like XXXX-XXXX-XXXX-XXXX
我的想法是根据许可证销售应用程序并为每台设备提供产品密钥似乎比帐户(用户名和密码)更专业.
The idea I have is to sell the app based on licenses and providing product key for every device seems more professional than accounts (usernames and passwords).
所以我的问题是:
1) 有没有可能用 electron 来完成这个?
1) Is it possible to accomplish this with electron?
2) 你能告诉我我应该选择序列号(如果可行的话)还是帐户?还是有更好的选择?
2) Can you advice me wether I should go for serial numbers (if it is doable) or accounts? or are there better options?
3) 如果您回答了第二个问题.请说明原因?
3) if you answered the second question. Please state why?
推荐答案
2021 年我想修改这个答案,因为它引起了很多关于我在许可证密钥和用户帐户之间进行的比较的询问.以前我几乎总是建议使用用户帐户来授权 Electron 应用程序,但后来我改变了自己的立场,变得更加细致入微.对于大多数 Electron 应用程序,许可证密钥就可以了.
Edit for 2021: I'd like to revise this answer, as it has generated a lot of inquiries on the comparison I made between license keys and user accounts. I previously would almost always recommended utilizing user accounts for licensing Electron apps, but I've since changed my position to be a little more nuanced. For most Electron apps, license keys will do just fine.
向 Electron 应用程序添加许可证密钥(与产品密钥同义)验证非常简单.首先,您希望以某种方式为每个用户生成一个许可证密钥.这可以使用密码学来完成,或者可以通过生成随机"许可证密钥字符串并将其存储在数据库中,然后构建可以验证给定许可证密钥是否有效"的 CRUD 许可服务器来完成.
Adding license key (synonymous with product key) validation to an Electron app can be pretty straight forward. First, you would want to somehow generate a license key for each user. This can be done using cryptography, or it can be done by generating a 'random' license key string and storing it in a database and then building a CRUD licensing server that can verify that a given license key is "valid."
对于加密许可证密钥,您可以从客户那里获取一些信息,例如他们的订单号或电子邮件地址,并使用 RSA 加密技术为其创建签名".使用 Node,看起来像这样:
For cryptographic license keys, you can take some information from the customer, e.g. their order number or an email address, and create a 'signature' of it using RSA cryptography. Using Node, that would look something like this:
const crypto = require('crypto')
// Generate a new keypair
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
// Using a larger key size, such as 2048, would be more secure
// but will result in longer signatures.
modulusLength: 512,
privateKeyEncoding: { type: 'pkcs1', format: 'pem' },
publicKeyEncoding: { type: 'pkcs1', format: 'pem' },
})
// Some data we're going to use to generate a license key from
const data = 'user@store.example'
// Create a RSA signer
const signer = crypto.createSign('rsa-sha256')
signer.update(data)
// Encode the original data
const encoded = Buffer.from(data).toString('base64')
// Generate a signature for the data
const signature = signer.sign(privateKey, 'hex')
// Combine the encoded data and signature to create a license key
const licenseKey = `${encoded}.${signature}`
console.log({ privateKey, publicKey, licenseKey })
然后,要在您的 Electron 应用程序中验证许可证密钥,您需要通过将上面生成的公共(而不是私有!)密钥嵌入到您的应用程序代码库中来加密验证"密钥的真实性:
Then, to validate the license key within your Electron app, you would want to cryptographically 'verify' the key's authenticity by embedding the public (not the private!) key generated above into your application code base:
// Split the license key's data and the signature
const [encoded, signature] = licenseKey.split('.')
const data = Buffer.from(encoded, 'base64').toString()
// Create an RSA verifier
const verifier = crypto.createVerify('rsa-sha256')
verifier.update(data)
// Verify the signature for the data using the public key
const valid = verifier.verify(publicKey, signature, 'hex')
console.log({ valid, data })
像这样生成和验证加密签名许可证密钥的真实性将非常适合许多简单的许可需求.它们相对简单,离线工作也很好,但有时验证许可证密钥是否有效"是不够的.有时要求规定许可证密钥不是永久的(即永远有效"),或者他们需要更复杂的许可系统,例如一次只有有限数量的设备(或席位)可以使用该应用程序的许可系统.或者许可证密钥可能需要可更新的到期日期.这就是许可证服务器可以发挥作用的地方.
Generating and verifying the authenticity of cryptographically signed license keys like this will work great for a lot of simple licensing needs. They're relatively simple, and they work great offline, but sometimes verifying that a license key is 'valid' isn't enough. Sometimes requirements dictate that license keys are not perpetual (i.e. 'valid' forever), or they call for more complicated licensing systems, such as one where only a limited number of devices (or seats) can use the app at one time. Or perhaps the license key needs a renewable expiration date. That's where a license server can come in.
许可证服务器可以帮助管理许可证的激活、到期等事项,例如用于将多个许可证或功能许可证与单个用户或团队相关联的用户帐户.我不推荐用户帐户,除非您对它们有特定需求,例如您需要额外的用户配置文件信息,或者您需要将多个许可证与单个用户相关联.
A license server can help manage a license's activation, expirations, among other things, such as user accounts used to associate multiple licenses or feature-licenses with a single user or team. I don't recommend user accounts unless you have a specific need for them, e.g. you need additional user profile information, or you need to associate multiple licenses with a single user.
但是,如果您不是特别热衷于编写和维护自己的内部许可系统,或者您只是不想像上面那样编写自己的许可证密钥生成器,那么我就是创始人一个名为 Keygen 的软件许可 API,它可以帮助您快速启动和运行,而无需编写和托管您自己的许可服务器.:)
But in case you aren't particularly keen on writing and maintaining your own in-house licensing system, or you just don't want to deal with writing your own license key generator like the one above, I’m the founder of a software licensing API called Keygen which can help you get up and running quickly without having to write and host your own license server. :)
Keygen 是一种典型的 HTTP JSON API 服务(即,您无需将任何软件与您的应用打包在一起).它可以用于任何编程语言以及 Electron 等框架.
Keygen is a typical HTTP JSON API service (i.e. there’s no software that you need to package with your app). It can be used in any programming language and with frameworks like Electron.
在最简单的形式中,使用 Keygen 验证许可证密钥就像点击单个 JSON API 端点一样简单(随意在终端中运行它):
In its simplest form, validating a license key with Keygen is as easy as hitting a single JSON API endpoint (feel free to run this in a terminal):
curl -X POST https://api.keygen.sh/v1/accounts/demo/licenses/actions/validate-key
-d '{
"meta": {
"key": "C1B6DE-39A6E3-DE1529-8559A0-4AF593-V3"
}
}'
我最近整理了一个向 Electron 应用添加许可证密钥验证以及设备激活和管理的示例.您可以在 GitHub 上查看该存储库:https://github.com/keygen-sh/example-electron-license-activation.
I recently put together an example of adding license key validation, as well as device activation and management, to an Electron app. You can check out that repo on GitHub: https://github.com/keygen-sh/example-electron-license-activation.
我希望这能回答您的问题并为您提供一些见解.很高兴回答您的任何其他问题,因为我现在已经为 Electron 应用程序实施了几次许可.:)
I hope that answers your question and gives you a few insights. Happy to answer any other questions you have, as I've implemented licensing a few times now for Electron apps. :)
这篇关于是否可以为我的电子应用程序创建产品密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
