registration key : Java Glossary

home page go to the Java Glossary Home go to the Computer Buyer’s Glossary up jump to foot of page Google search web for more information on this topic
punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all)
©1996-2013 2008-08-11 Roedy Green, Canadian Mind Products
registration key
aka licencing key. When you register software, often the vendor will give you a piece of gibberish, called the registration key, that when you enter it into your program unlocks various features and embeds your name into it. Essentially this is the customer’s name encrypted and ASCII-armoured. The program embeds the decryption key, perhaps camouflaged, so in principle a hacker can decode it too. Not only can a hacker decode the registration key, he can remove the need for it entirely from your program. Registration keys are only designed to restrict non-technical users.

You could buy an installer packaging program which will add a registration key to your program, or you could roll your own. Rolling your own adds another level of difficulty to the hacker and reduces the payoff for cracking — all he exploits is you, not everyone who uses Wise or some major installer packager.

Trivial Scheme

An easy-to-program but not very secure scheme works like this: Create a secret key perhaps 256 bytes long made of randomly selected numbers. See the Password Generator for code to do that. Compose a message consisting of the customer’s name, anything else you want, e.g. names of optional features you want enabled, then append an MD5 digest. Then XOR the message byte by byte with your secret key and ASCII (American Standard Code for Information Interchange) armour it. You email that to the customer when he registers. The customer uses copy/paste to enter the registration key into your program. The program XORs (exclusive ORs) the the message with its embedded copy of the secret key (hidden in various bit all over your program), getting you back to the original and verifies the MD5 (Message Digest algorithm 5) checksum.

Symmetric Encryption

An easy-to-program but not very secure scheme works like this: Compose a message consisting of the customer’s name, anything else you want, e.g. names of optional features you want enabled, then append an MD5 digest. Then encrypt the message with any symmetric key encryption algorithm ASCII armour it. You email that to the customer when he registers. The customer uses copy/paste to enter the registration key into your program. The program decrypts the the message with its embedded copy of the secret key (hidden in various bit all over your program), getting you back to the original and verifies the MD5 checksum.

Assymmetric Encryption

For a slightly more sophisticated system, use a public-private key encryption. You can use JCE RSA public-private key encryption, or you can use the lightweight methods I use in the Transporter that don’t require any Java encryption libraries. Then you embed only the public key in the program. Somebody cracking your code still can’t issue licence keys since they don’t know the secret key.

USB (Universal Serial Bus) Flash drives are getting so cheap you can use them as part of your security scheme. You can keep chunks of the program on them.

armouring
Cipher
digest
installer
JCE
MD5
obfuscator
registration key generator student project
USB flash drive
CMP homejump to top

available on the web at:

 http://mindprod.com/jgloss/registrationkey.html
  

optional Replicator mirror
of mindprod.com
on local hard disk J:

 J:\mindprod\jgloss\registrationkey.html
logo
Please email your , letters to the editor, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to Roedy Green : feedback email. If you want your message, your name or email kept confidential, not considered for public posting, please explicitly specify that. Unless you state otherwise, I will treat your message as a letter to the editor that I may or may not publish in the feedback section. After that, it will be too late to retract it. If you disagree with something I said, especially when sending an ad-hominem attack, a rant composed mainly of obscenities or a death threat, please quote the offending passage and cite the web page where you found it, tell me why you think it is wrong, and, if possible, provide some supporting evidence. I can’t very well fix erroneous or ambiguous text if I can’t find it.
Blog
IP:[65.110.21.43]
Your face IP:[50.16.108.167]
You are visitor number 11.