registration key : Java Glossary

go to home page R words local find full screen, hide local find menu Google search web for more information on this topic jump to foot of page translate this page with Babelfish punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all) ©1996-2009 2008-08-11 Roedy Green, Canadian Mind Products
registration key
aka licencing key. When you register software, often the vendor will give you a piece of gibberish, called the registration key, that when you enter it into your program unlocks various features and embeds your name into it. Essentially this is the customer’s name encrypted and ASCII-armoured. The program embeds the decryption key, perhaps camouflaged, so in principle a hacker can decode it too. Not only can a hacker decode the registration key, he can remove the need for it entirely from your program. Registration keys are only designed to restrict non-technical users.

You could buy a installer packaging program which will add a registration key to your program, or you could roll your own. Rolling your own adds another level of difficulty to the hacker and reduces the payoff for cracking — all he exploits is you, not everyone who uses Wise or some major installer packager.

Trivial Scheme

An easy-to-program but not very secure scheme works like this: Create a “secret key” perhaps 256 bytes long made of randomly selected numbers. See the Password Generator for code to do that. Compose a message consisting of the customer’s name, anything else you want, e.g. names of optional features you want enabled, then append an MD5 digest. Then XOR the message byte by byte with your secret key and ASCII armour it. You email that to the customer when he registers. The customer uses copy/paste to enter the registration key into your program. The program XORs the the message with its embedded copy of the secret key (hidden in various bit all over your program), getting you back to the original and verifies the MD5 checksum.

Symmetric Encryption

An easy-to-program but not very secure scheme works like this: Compose a message consisting of the customer’s name, anything else you want, e.g. names of optional features you want enabled, then append an MD5 digest. Then encrypt the message with any symmetric key encryption algorithm ASCII armour it. You email that to the customer when he registers. The customer uses copy/paste to enter the registration key into your program. The program decrypts the the message with its embedded copy of the secret key (hidden in various bit all over your program), getting you back to the original and verifies the MD5 checksum.

Assymmetric Encryption

For a slightly more sophisticated system, use a public-private key encryption. You can use JCE RSA public-private key encryption, or you can use the lightweight methods I use in the Transporter that don’t require any Java encryption libraries. Then you embed only the public key in the program. Somebody cracking your code still can’t issue licence keys since they don’t know the secret key.

USB Flash drives are getting so cheap you can use them as part of your security scheme. You can keep chunks of the progam on them.

armouring
Cipher
digest
installer
JCE
MD5
obfuscator
registration key generator student project
USB flash drive
CMP homejump to top You can get the freshest copy of this page from: or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror)
http://mindprod.com/jgloss/registrationkey.html J:\mindprod\jgloss\registrationkey.html
CMP logofeedback Please email your feedback for publication, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to Roedy Green : feedback email
mindprod.com IP:[65.110.21.43]
view BlogYour face IP:[38.107.191.102]
You are visitor number 11.