registration key : Java Glossary

*0-9ABCDEFGHIJKLMNOPQRSTUVWXYZ (all)

registration key
aka licencing key. When you register software, often the vendor will give you a piece of gibberish, called the registration key, that when you enter it into your program unlocks various features and embeds your name into it. Essentially this is the customer’s name encrypted and ASCII-armoured. The program embeds the decryption key, perhaps camouflaged, so in principle a hacker can decode it too. Not only can a hacker decode the registration key, he can remove the need for it entirely from your program. Registration keys are only designed to restrict non-technical users.

You could buy an installer packaging program which will add a registration key to your program, or you could roll your own. Rolling your own adds another level of difficulty to the hacker and reduces the payoff for cracking — all he exploits is you, not everyone who uses Wise or some major installer packager.

Trivial Scheme

An easy-to-program but not very secure scheme works like this: Create a secret key perhaps 256 bytes long made of randomly selected numbers. See the Password Generator for code to do that. Compose a message consisting of the customer’s name, anything else you want, e.g. names of optional features you want enabled, then append an MD5 digest. Then XOR the message byte by byte with your secret key and ASCII (American Standard Code for Information Interchange) armour it. You email that to the customer when he registers. The customer uses copy/paste to enter the registration key into your program. The program XORs (exclusive ORs) the the message with its embedded copy of the secret key (hidden in various bit all over your program), getting you back to the original and verifies the MD5 (Message Digest algorithm 5) checksum.

Symmetric Encryption

An easy-to-program but not very secure scheme works like this: Compose a message consisting of the customer’s name, anything else you want, e.g. names of optional features you want enabled, then append an MD5 digest. Then encrypt the message with any symmetric key encryption algorithm ASCII armour it. You email that to the customer when he registers. The customer uses copy/paste to enter the registration key into your program. The program decrypts the the message with its embedded copy of the secret key (hidden in various bit all over your program), getting you back to the original and verifies the MD5 checksum.

Assymmetric Encryption

For a slightly more sophisticated system, use a public-private key encryption. You can use JCE RSA public-private key encryption, or you can use the lightweight methods I use in the Transporter that don’t require any Java encryption libraries. Then you embed only the public key in the program. Somebody cracking your code still can’t issue licence keys since they don’t know the secret key.

USB (Universal Serial Bus) Flash drives are getting so cheap you can use them as part of your security scheme. You can keep chunks of the program on them.


This page is posted
on the web at:

http://mindprod.com/jgloss/registrationkey.html

Optional Replicator mirror
of mindprod.com
on local hard disk J:

J:\mindprod\jgloss\registrationkey.html
logo
Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.
no blog for this page
IP:[65.110.21.43]
Your face IP:[54.234.225.23]
You are visitor number