一种加密许可证文件的有效方法？ [英] An effective method for encrypting a license file?

问题描述

对于Web应用程序，我想创建一个简单但有效的许可系统。在C＃中，这是一个有点困难，因为我的解密方法可以被任何人看到由反射器安装。

For a web application, I would like to create a simple but effective licensing system. In C#, this is a little difficult, since my decryption method could be viewed by anyone with Reflector installed.

什么是一些方法加密文件在C＃

What are some methods for encrypting files in C# that are fairly tamper-proof?

推荐答案

这听起来像是要使用公共/私人密码术来签署许可证令牌文件），以便您可以检测篡改。处理它的最简单的方法是执行以下步骤：

It sounds like you want to be using Public/Private cryptography to sign a license token (an XML Fragment or file for example) so you can detect tampering. The simplest way to handle it is to do the following steps:

1）为您的公司生成密钥对。您可以在Visual Studio命令行中使用SN工具执行此操作。语法是：

1) Generate a keypair for your company. You can do this in the Visual Studio command line using the SN tool. Syntax is:

sn -k c:\keypair.snk

2）使用密钥对强烈命名（即签名）您的客户端应用程序。您可以使用应用程序属性页中的签名标签设置此操作

2) Use the keypair to strongly name (i.e. sign) your client application. You can set this using the signing tab in the properties page on your application

3）为您的客户端创建许可证，这应该是一个XML文档，并使用您的私钥。这涉及到简单的计算数字签名，以及完成它的步骤可以在以下位置找到：

3) Create a license for your client, this should be an XML document and sign it using your Private key. This involves simply computing a digital signature and steps to accomplish it can be found at:

http://msdn.microsoft.com/en-us/library/ms229745.aspx

4）在客户端上，检查许可证时，您加载XmlDocument并使用您的公钥验证签名以证明许可证未被篡改。有关如何执行此操作的详细信息，请访问：

4) On the client, when checking the license you load the XmlDocument and use your Public key to verify the signature to prove the license has not been tampered with. Details on how to do this can be found at:

http://msdn.microsoft.com/en-us/library/ms229950.aspx

绕过键分发（即确保您的客户端使用正确的公钥），您实际上可以从签名的程序集本身中拉出公钥。因此，确保您没有另一个密钥分发，即使有人篡改程序集.net框架将死于安全异常，因为强名称将不再匹配程序集本身。

To get around key distribution (i.e. ensuring your client is using the correct public key) you can actually pull the public key from the signed assembly itself. Thus ensuring you dont have another key to distribute and even if someone tampers with the assembly the .net framework will die with a security exception because the strong name will no longer match the assembly itself.

要从客户端程序集中提取要使用类似如下代码的公钥：

To pull the public key from the client assembly you want to use code similar to:

    /// <summary>
    /// Retrieves an RSA public key from a signed assembly
    /// </summary>
    /// <param name="assembly">Signed assembly to retrieve the key from</param>
    /// <returns>RSA Crypto Service Provider initialised with the key from the assembly</returns>
    public static RSACryptoServiceProvider GetPublicKeyFromAssembly(Assembly assembly)
    {
        if (assembly == null)
            throw new ArgumentNullException("assembly", "Assembly may not be null");

        byte[] pubkey = assembly.GetName().GetPublicKey();
        if (pubkey.Length == 0)
            throw new ArgumentException("No public key in assembly.");

        RSAParameters rsaParams = EncryptionUtils.GetRSAParameters(pubkey);
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
        rsa.ImportParameters(rsaParams);

        return rsa;
    }

我已经在Snipt上传了一个带有很多有用的加密实用程序的示例类在： http://snipt.net/Wolfwyrd/encryption-utilities/ 以帮助获得你在你的路上。

I've uploaded a sample class with a lot of helpful Encryption Utilities on Snipt at: http://snipt.net/Wolfwyrd/encryption-utilities/ to help get you on your way.

我还包括一个示例程序： https://snipt.net/Wolfwyrd/sign-and-verify-example/ 。该示例要求您将其添加到具有encryption utils库的解决方案，并提供用于签名的测试XML文件和SNK文件。该项目应设置为使用您生成的SNK进行签名。它演示了如何使用SNK中的私钥对测试XML文件进行签名，然后从程序集上的公钥中进行验证。

I have also included a sample program at: https://snipt.net/Wolfwyrd/sign-and-verify-example/. The sample requires that you add it to a solution with the encryption utils library and provide a test XML file and a SNK file for signing. The project should be set to be signed with the SNK you generate. It demonstrates how to sign the test XML file using a private key from the SNK and then verify from the public key on the assembly.

更新

添加了最新博客文章，其中包含许可证文件

Added an up to date blog post with a nice detailed run through on license files

这篇关于一种加密许可证文件的有效方法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！