How to Create a Product Key for My C# Application

How can I create a product key for my C# application?

You can do something like create a record which contains the data you want to authenticate to the application. This could include anything you want - e.g. program features to enable, expiry date, name of the user (if you want to bind it to a user). Then encrypt that using some crypto algorithm with a fixed key or hash it. Then you just verify it within your program. One way to distribute the license file (on windows) is to provide it as a file which updates the registry (saves the user having to type it).

Beware of false sense of security though - sooner or later someone will simply patch your program to skip that check, and distribute the patched version. Or, they will work out a key that passes all checks and distribute that, or backdate the clock, etc. It doesn't matter how convoluted you make your scheme, anything you do for this will ultimately be security through obscurity and they will always be able to this. Even if they can't someone will, and will distribute the hacked version. Same applies even if you supply a dongle - if someone wants to, they can patch out the check for that too. Digitally signing your code won't help, they can remove that signature, or resign it.

You can complicate matters a bit by using techniques to prevent the program running in a debugger etc, but even this is not bullet proof. So you should just make it difficult enough that an honest user will not forget to pay. Also be very careful that your scheme does not become obtrusive to paying users - it's better to have some ripped off copies than for your paying customers not to be able to use what they have paid for.

Another option is to have an online check - just provide the user with a unique ID, and check online as to what capabilities that ID should have, and cache it for some period. All the same caveats apply though - people can get round anything like this.

Consider also the support costs of having to deal with users who have forgotten their key, etc.

edit: I just want to add, don't invest too much time in this or think that somehow your convoluted scheme will be different and uncrackable. It won't, and cannot be as long as people control the hardware and OS your program runs on. Developers have been trying to come up with ever more complex schemes for this, thinking that if they develop their own system for it then it will be known only to them and therefore 'more secure'. But it really is the programming equivalent of trying to build a perpetual motion machine. :-)

How to generate and validate a software license key?

Caveat: you can't prevent users from pirating, but only make it easier for honest users to do the right thing.

Assuming you don't want to do a special build for each user, then:

• Generate yourself a secret key for the product
• Take the user's name
• Concatentate the users name and the secret key and hash with (for example) SHA1
• Unpack the SHA1 hash as an alphanumeric string. This is the individual user's "Product Key"
• Within the program, do the same hash, and compare with the product key. If equal, OK.

But, I repeat: this won't prevent piracy

---

I have recently read that this approach is not cryptographically very sound. But this solution is already weak (as the software itself has to include the secret key somewhere), so I don't think this discovery invalidates the solution as far as it goes.

Just thought I really ought to mention this, though; if you're planning to derive something else from this, beware.

Coding A Product Key

I would use a json file as license file you send when the user purchases the application which contains a RSA signature inside. Your application would have the public key part of the RSA key and it will use to verify the signature of the license and your server will have the secret key used to sign the license files.

The system is decentralized and will be prone to users leaking license files but you could send a machine identifier to your web api when checking for updates and if you detect a lot of distinct machines sharing the same license guid then you mark the license as inactive.

Store the public key part of the RSA key as base64 so it would be harder to find and replace with a hex editor. Additionally you might want to obfuscate your binaries.

Look at this project: https://github.com/dnauck/Portable.Licensing/blob/develop/README.md

You can protect against spam emails with Recaptcha and email verification.

You can also give out random product keys which are converted by your api into a signed license file. These keys have limited activations (stored on the server side) and are tied to a machine identifier.

How to generate an unique key from Computer for Licensing my application?

Why would you want to go so secured as to link the application to a computer what if the user purchases your app installs in on his machine then all the sudden decides he no longer like the machine and buys a new one if your app licence would only relate to that machine it means he has to purchase the app again....

instead just use a unique key generator there are plenty of examples for this and if you do not want to have several version of app installed on the same machine you can always make a note in registery.

here are couple of examples

http://www.codeproject.com/Articles/11012/License-Key-Generation

http://www.jagregory.com/writings/rhino-licensing/

---

Related Topics