license key validation - encryption/decryption

Ng Pheng Siong ngps at madcap.dyndns.org
Wed Dec 5 17:23:29 CET 2001


According to Gerhard Häring  <gh_pythonlist at gmx.de>:
> On Tue, Dec 04, 2001 at 10:48:05PM +0100, Irmen de Jong wrote:
> > > How do i validate it at the customer site that the
> > > "key" installed is valid?
> > 
> > You're looking for a secure hash of your license file, to protect the
> > contents of the file from tampering.  The sha module can do this for
> > you.
> 
> The next problem is where to store the hash.

The hash is part of the signature. You sign your "feature set descriptor"
with your private key. Install the signature with the application.


> Which doesn't help at all if both keys are available to the potential
> cracker.

Your private key is not installed with the application. Indeed, it should
be kept very securely. Only the public key is installed, to verify the signature.

Such schemes won't stop determined pirates, though. They only keep honest
people honest.


-- 
Ng Pheng Siong <ngps at post1.com> * http://www.post1.com/home/ngps




More information about the Python-list mailing list