Implementation for product keys


Question

I'm implementing a small application in C, which I would like to sell as shareware for a reasonable price later on. It will start off with a 30-day trial, which I am already quite certain of how to implement.

The problem I have, though, is that I am not quite sure how to implement the product key verification. What I have in mind is that the customer can sign up on my webpage (after trying the product for a while), pay for the product, and get a product key in the form of aaaaa-bbbbb-ccccc-ddddd-eeeee via e-mail (or maybe available via his profile on my website). No problem so far. He/She then drops the key in the appropriate key fields in my app and boom the app is registered.

From what I could gather so far, people either recommend AES or RSA for this. To be honest, I went in another direction in college (not cryptography) and the one cryptography class I took was some time ago. But from what I remember, AES is a symmetric encryption algorithm, which would mean that I would only have one key for encryption and decryption, right? How could I then generate thousands of product keys and still validate them in my app (which by the way won't require internet access... so no checking back with a server)?

So I guess RSA would be the way to go? But doesn't RSA produce pretty long keys (at least longer than the required 25 characters from above)?

In another thread I read that some products won't even use encryption for the product key generation/verification, but instead just employ some checks like "add the 2. and the 17. character and that should total to x".

What's the fastest, easiest and most secure way to go here? :-) Code samples would be sugar!

Regards,

Sebastian

P.S.: Oh...and please don't tell me how my key can and will be cracked at some point.....I know about that, which is primarily why I don't want to spend a lot of time with this issue, but at the same time not make it too easy for the occasional cracker.

Recommended answer

Symmetric algorithms are limited, in that any novice cracker with a disassembler can find your key (or the algorithm used to generate one) and make a "keygen".

For this reason, asymmetric cryptology is the way to go. The basic premise is something like this:


  • When the user purchases a license from you, you collect certain identifying details about the user and/or their environment (typically, this is just a full name; sometimes a company, too).
  • You make a 128-bit MD5 hash of this information.
  • Using a 128-bit Elliptic Curve crypto, encrypt this hash using the private key on the server.
  • The 128-bit cipher text can be represented to the user as a 25-character string consisting of letters and digits (plus separating dashes for readability). Notice that 26 letters + 10 digits = 36 discrete values, and that 36^25 > 2^128.
  • The user types this product key into your registration dialog. The client software converts it back to a 128-bit number (16 bytes), decrypts that using the public key of your EC crypto, and compares the result to an MD5 hash of the user's personal information, which must match what was used for registration.

This is just the basic idea, of course. For more details and source code, see Product Keys Based on Elliptic Curve Cryptography.
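
The text-encoding step from the answer's last two bullets (16 bytes to a 25-character key and back), as an added example in C; it is not code from the answer or from the linked article, and it does not cover the cryptographic step. The function names `key_encode` and `key_decode`, the big-endian byte order and the digits-then-letters alphabet are assumptions made here.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const char ALPHA[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; /* 36 symbols */

/* Encode a 128-bit big-endian value as 25 base-36 digits in five dash-separated
   groups. out needs 30 bytes: 25 digits + 4 dashes + NUL. */
void key_encode(const uint8_t in[16], char out[30]) {
    uint8_t n[16];
    memcpy(n, in, 16);
    strcpy(out, "00000-00000-00000-00000-00000");  /* template: dashes and NUL */
    for (int d = 24; d >= 0; d--) {                /* least significant digit first */
        unsigned rem = 0;
        for (int i = 0; i < 16; i++) {             /* long division of n by 36 */
            unsigned cur = (rem << 8) | n[i];
            n[i] = (uint8_t)(cur / 36);
            rem = cur % 36;
        }
        out[d + d / 5] = ALPHA[rem];               /* d / 5 skips earlier dashes */
    }
}

/* Decode what the user typed (case-insensitive, dashes and spaces ignored).
   Returns 0 on success, -1 on bad character, wrong length, or value >= 2^128
   (36^25 > 2^128, so some 25-digit strings have no 16-byte value). */
int key_decode(const char *s, uint8_t out[16]) {
    int count = 0;
    memset(out, 0, 16);
    for (; *s; s++) {
        if (*s == '-' || *s == ' ') continue;
        const char *p = strchr(ALPHA, toupper((unsigned char)*s));
        if (!p || ++count > 25) return -1;
        unsigned carry = (unsigned)(p - ALPHA);
        for (int i = 15; i >= 0; i--) {            /* out = out * 36 + digit */
            unsigned cur = out[i] * 36u + carry;
            out[i] = (uint8_t)cur;
            carry = cur >> 8;
        }
        if (carry) return -1;                      /* does not fit in 128 bits */
    }
    return count == 25 ? 0 : -1;
}

int main(void) {
    const uint8_t sample[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; /* constructed */
    char key[30];
    key_encode(sample, key);
    puts(key);
}
```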
