license key validation - encryption/decryption
Gerhard Häring
gh_pythonlist at gmx.de
Wed Dec 5 01:48:26 EST 2001
Le 04/12/01 à 23:21, Gerhard Häring écrivit:
> On Tue, Dec 04, 2001 at 10:48:05PM +0100, Irmen de Jong wrote:
> > > How do i validate it at the customer site that the
> > > "key" installed is valid?
> >
> > You're looking for a secure hash of your license file, to protect the
> > contents of the file from tampering. The sha module can do this for
> > you.
>
> The next problem is where to store the hash.
>
> > Now somehow you need to encode information about that
> > unique customer into your license, so that another customer
> > cannot also use that license file.
> >
> > Perhaps some sort of public-private key scheme would work?
>
> Which doesn't help at all if both keys are available to the potential
> cracker.
Doh! Of course the user would only have access to the private key.
Perhaps also tie the license to the FQDN of the machine.
Gerhard
--
mail: gerhard <at> bigfoot <dot> de registered Linux user #64239
web: http://www.cs.fhm.edu/~ifw00065/ OpenPGP public key id 86AB43C0
public key fingerprint: DEC1 1D02 5743 1159 CD20 A4B6 7B22 6575 86AB 43C0
reduce(lambda x,y:x+y,map(lambda x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b')))
More information about the Python-list
mailing list