是否可以为我的电子应用创建产品密钥? [英] Is it possible to create product keys for my electron application?
问题描述
我想构建一个桌面应用程序并能够发布产品密钥或序列号.在用户可以使用该应用程序之前,将要求他输入产品密钥/序列号.
类似于Microsoft Office,当它们提供XXXX-XXXX-XXXX-XXXX之类的键时
我的想法是根据许可证出售该应用程序,并为每台设备提供产品密钥似乎比帐户(用户名和密码)更专业.
所以我的问题是:
1)是否可以用 electron 来实现?
2)您能否建议我是否应该使用序列号(如果可行)或帐户?还是有更好的选择?
3)如果您回答了第二个问题.请说明原因?
修改2021年:我想修改这个答案,因为它引起了我对许可证密钥和用户帐户之间的比较的许多查询.以前,我几乎总是建议使用用户帐户来许可Electron应用程序,但此后我将自己的立场改变了一些.对于大多数Electron应用程序来说,许可证密钥就可以了.
将许可证密钥(与产品密钥同义)验证添加到Electron应用程序可能非常简单.首先,您希望以某种方式为每个用户生成一个许可证密钥.这可以使用密码术来完成,或者可以通过生成随机"许可证密钥字符串并将其存储在数据库中,然后构建可以验证给定许可证密钥为有效"的CRUD许可证服务器来完成./p>
对于加密许可证密钥,您可以从客户那里获取一些信息,例如他们的订单号或电子邮件地址,并使用RSA密码术为其创建签名".使用Node,看起来像这样:
const crypto = require('crypto')//生成一个新的密钥对const {privateKey,publicKey} = crypto.generateKeyPairSync('rsa',{//使用较大的密钥大小(例如2048)会更安全//,但会导致签名变长.模数长度:512,privateKeyEncoding:{类型:"pkcs1",格式:"pem"},publicKeyEncoding:{类型:"pkcs1",格式:"pem"},})//我们将用于从中生成许可证密钥的一些数据const data ='user@store.example'//创建RSA签名者常量签名者= crypto.createSign('rsa-sha256')signer.update(数据)//编码原始数据const编码= Buffer.from(data).toString('base64')//为数据生成签名const签名= signer.sign(privateKey,'hex')//结合编码数据和签名以创建许可证密钥const licenseKey =`$ {encoded}.$ {signature}`console.log({privateKey,publicKey,licenseKey}) 然后,要在您的Electron应用程序中验证许可证密钥,您希望通过将上面生成的公共(而非私有!)密钥嵌入到您的应用程序代码库中,以密码验证"密钥的真实性:
//拆分许可证密钥的数据和签名const [已编码,签名] = licenseKey.split('.')const data = Buffer.from(encoded,'base64').toString()//创建RSA验证程序const verifier = crypto.createVerify('rsa-sha256')verifier.update(数据)//使用公钥验证数据的签名const valid = verifier.verify(publicKey,signature,'hex')console.log({有效,数据}) 像这样生成和验证经过密码签名的许可证密钥的真实性,将非常适合许多简单的许可证需求.它们相对简单,并且可以离线很好地工作,但是有时仅验证许可证密钥是有效的"还不够.有时要求表明许可证密钥不是永久性的(即永远有效"),或者它们要求更复杂的许可证系统,例如一个只能有限数量的设备(或席位)一次使用该应用程序的许可证系统.或者,许可证密钥需要可更新的到期日期.这就是许可证服务器可以进入的地方.
许可证服务器可以帮助管理许可证的激活,到期和其他事项,例如用于将多个许可证或功能许可证与单个用户或团队相关联的用户帐户.我不建议您使用用户帐户,除非您有特定的需求,例如您需要其他用户个人资料信息,或者需要将多个许可证与一个用户相关联.
但是如果您不是特别热衷于编写和维护自己的内部许可系统,或者只是不想像上面那样编写自己的许可密钥生成器,我就是创始人名为 Keygen 的软件许可API的帮助,它可以帮助您快速启动并运行,而无需编写和托管自己的许可服务器.:)
Keygen是一种典型的HTTP JSON API服务(即,您无需将其与应用打包在一起).它可以在任何编程语言中以及与Electron之类的框架一起使用.
以最简单的形式,使用Keygen验证许可证密钥就像击中一个JSON API端点一样容易(可以在终端中自由运行):
curl -X POST https://api.keygen.sh/v1/accounts/demo/licenses/actions/validate-key \-d'{元":{键":"C1B6DE-39A6E3-DE1529-8559A0-4AF593-V3"}}' 我最近整理了一个向Electron应用程序添加许可证密钥验证以及设备激活和管理的示例.您可以在GitHub上查看该仓库: https://github.com/keygen-sh/example-electron-license-activation .
我希望能回答您的问题并给您一些见解.很高兴回答您的任何其他问题,因为我现在已经为Electron应用程序实施了几次许可.:)
I want to build a desktop application and be able to publish product keys or serial numbers.Before the user can use the application he will be requested to enter the product key/serial number.
Similar to Microsoft Office when they provide keys like XXXX-XXXX-XXXX-XXXX
The idea I have is to sell the app based on licenses and providing product key for every device seems more professional than accounts (usernames and passwords).
so my questions are:
1) Is it possible to accomplish this with electron?
2) Can you advice me wether I should go for serial numbers (if it is doable) or accounts? or are there better options?
3) if you answered the second question. Please state why?
Edit for 2021: I'd like to revise this answer, as it has generated a lot of inquiries on the comparison I made between license keys and user accounts. I previously would almost always recommended utilizing user accounts for licensing Electron apps, but I've since changed my position to be a little more nuanced. For most Electron apps, license keys will do just fine.
Adding license key (synonymous with product key) validation to an Electron app can be pretty straight forward. First, you would want to somehow generate a license key for each user. This can be done using cryptography, or it can be done by generating a 'random' license key string and storing it in a database and then building a CRUD licensing server that can verify that a given license key is "valid."
For cryptographic license keys, you can take some information from the customer, e.g. their order number or an email address, and create a 'signature' of it using RSA cryptography. Using Node, that would look something like this:
const crypto = require('crypto')
// Generate a new keypair
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
// Using a larger key size, such as 2048, would be more secure
// but will result in longer signatures.
modulusLength: 512,
privateKeyEncoding: { type: 'pkcs1', format: 'pem' },
publicKeyEncoding: { type: 'pkcs1', format: 'pem' },
})
// Some data we're going to use to generate a license key from
const data = 'user@store.example'
// Create a RSA signer
const signer = crypto.createSign('rsa-sha256')
signer.update(data)
// Encode the original data
const encoded = Buffer.from(data).toString('base64')
// Generate a signature for the data
const signature = signer.sign(privateKey, 'hex')
// Combine the encoded data and signature to create a license key
const licenseKey = `${encoded}.${signature}`
console.log({ privateKey, publicKey, licenseKey })
Then, to validate the license key within your Electron app, you would want to cryptographically 'verify' the key's authenticity by embedding the public (not the private!) key generated above into your application code base:
// Split the license key's data and the signature
const [encoded, signature] = licenseKey.split('.')
const data = Buffer.from(encoded, 'base64').toString()
// Create an RSA verifier
const verifier = crypto.createVerify('rsa-sha256')
verifier.update(data)
// Verify the signature for the data using the public key
const valid = verifier.verify(publicKey, signature, 'hex')
console.log({ valid, data })
Generating and verifying the authenticity of cryptographically signed license keys like this will work great for a lot of simple licensing needs. They're relatively simple, and they work great offline, but sometimes verifying that a license key is 'valid' isn't enough. Sometimes requirements dictate that license keys are not perpetual (i.e. 'valid' forever), or they call for more complicated licensing systems, such as one where only a limited number of devices (or seats) can use the app at one time. Or perhaps the license key needs a renewable expiration date. That's where a license server can come in.
A license server can help manage a license's activation, expirations, among other things, such as user accounts used to associate multiple licenses or feature-licenses with a single user or team. I don't recommend user accounts unless you have a specific need for them, e.g. you need additional user profile information, or you need to associate multiple licenses with a single user.
But in case you aren't particularly keen on writing and maintaining your own in-house licensing system, or you just don't want to deal with writing your own license key generator like the one above, I’m the founder of a software licensing API called Keygen which can help you get up and running quickly without having to write and host your own license server. :)
Keygen is a typical HTTP JSON API service (i.e. there’s no software that you need to package with your app). It can be used in any programming language and with frameworks like Electron.
In its simplest form, validating a license key with Keygen is as easy as hitting a single JSON API endpoint (feel free to run this in a terminal):
curl -X POST https://api.keygen.sh/v1/accounts/demo/licenses/actions/validate-key \
-d '{
"meta": {
"key": "C1B6DE-39A6E3-DE1529-8559A0-4AF593-V3"
}
}'
I recently put together an example of adding license key validation, as well as device activation and management, to an Electron app. You can check out that repo on GitHub: https://github.com/keygen-sh/example-electron-license-activation.
I hope that answers your question and gives you a few insights. Happy to answer any other questions you have, as I've implemented licensing a few times now for Electron apps. :)
这篇关于是否可以为我的电子应用创建产品密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
