Need Licence Key Generator (For Java Product)

Dear all,

Can anyone suggest some of the state of the art, best tools for license key
generator?

We are releasing a product, so that we would like to generate license keys,
for evaluation, permanent, high availability etc, thanks

Open source also welcome, prefer proven tools,

Please advise, thanks

Regards,
Ravi

Ravi Shankar

On Sat, 12 Mar 2005 10:58:17 +0800, Ravi Shankar wrote:

> Dear all,
>
> Can anyone suggest some of the state of the art, best tools for license
> key generator?
>
> We are releasing a product, so that we would like to generate license
> keys, for evaluation, permanent, high availability etc, thanks
>
> Open source also welcome, prefer proven tools,
>
> Please advise, thanks
>
> Regards,
> Ravi

To generate:

Generate a random Initializing Vector (iv).
Serialize your license data (data).
Calculate a hash of iv + data.
return base64_encode( iv + Encrypt (data + hash) )

To verify:

blob = base64_decrypt( input )
remove the iv from the front of blob
decrypt the rest of blob (leaving only license data).
remove hash from the end
calculate the correct hash of iv + data.
If the real hash doesn't match the hash sent in, it's not a valid license.
deserialize the license data and verify it to your heart's desire.

HTH,
La'ie Techie

=?UTF-8?b?TMSByrtpZSBUZWNoaWU=?=

"Decompile the invoking class, remove the verification, compile
the new class and add it back to the jar."

Unless you have some method of _inline_ code in a lot of methods
to do a complex validation of a string from the license data,
use a tool that does something more.

You could try for example



http://freshmeat.net/projects/licensemanager

http://www.agilis-sw.com/ezlm/



But mostly the entrypoint to the licensemanager is vunerable.

With decompilers you can remove those calls from the software.

Obfuscators make it a lot harder, but not impossible.



I haven't seen any products inserting bytecode to prevent this

weakness. Please inform me if you do (pryxan at yahoo).
I also like to have any code which does not decompile or
decompiles to unreadable and unusable code.


Regards,
Michael.

=?UTF-8?b?TMSByrtpZSBUZWNoaWU=?=
<laie@win_remove_get_nospam_solutions.com> wrote in
news:1110786817.11fe281a25ddc1e437c2f7ae5af6ede6@t eranews:

> On Sat, 12 Mar 2005 10:58:17 +0800, Ravi Shankar wrote:
>
>> Dear all,
>>
>> Can anyone suggest some of the state of the art, best tools for
>> license key generator?
>>
>> We are releasing a product, so that we would like to generate license
>> keys, for evaluation, permanent, high availability etc, thanks
>>
>> Open source also welcome, prefer proven tools,
>>
>> Please advise, thanks
>>
>> Regards,
>> Ravi
>
> To generate:
>
> Generate a random Initializing Vector (iv).
> Serialize your license data (data).
> Calculate a hash of iv + data.
> return base64_encode( iv + Encrypt (data + hash) )
>
> To verify:
>
> blob = base64_decrypt( input )
> remove the iv from the front of blob
> decrypt the rest of blob (leaving only license data).
> remove hash from the end
> calculate the correct hash of iv + data.
> If the real hash doesn't match the hash sent in, it's not a valid
> license. deserialize the license data and verify it to your heart's
> desire.
>
> HTH,
> La'ie Techie
>
>

M van Leeuwen

L??ie Techie <laie@win_remove_get_nospam_solutions.com> wrote in message news:<1110786817.11fe281a25ddc1e437c2f7ae5af6ede6@ teranews>...
> To generate:
>
> Generate a random Initializing Vector (iv).
> Serialize your license data (data).
> Calculate a hash of iv + data.
> return base64_encode( iv + Encrypt (data + hash) )
>
> To verify:
>
> blob = base64_decrypt( input )
> remove the iv from the front of blob
> decrypt the rest of blob (leaving only license data).
> remove hash from the end
> calculate the correct hash of iv + data.
> If the real hash doesn't match the hash sent in, it's not a valid license.
> deserialize the license data and verify it to your heart's desire.

Note that if a symmetric cipher is used this would be a very bad
license algorithm as the key must be included in the licensed software
and could thus easily be used to create valid licenses (no
modifications to the software would be required). An asymmetric cipher
like RSA where the private key is kept secret would be a better
option. However, it's still very easy to modify the software to accept
any license key as valid.

/Jesper Nordenberg

Jesper Nordenberg

Hi all,

Thanks for all suggestions and valuable advises. Will try RSA with a private
key, thanks

Regards,
ravi
"Ravi Shankar" <> wrote in message
news:d0tlsa$gkg$...
> Dear all,
>
> Can anyone suggest some of the state of the art, best tools for license
> key generator?
>
> We are releasing a product, so that we would like to generate license
> keys, for evaluation, permanent, high availability etc, thanks
>
> Open source also welcome, prefer proven tools,
>
> Please advise, thanks
>
> Regards,
> Ravi
>

Ravi Shankar

[pould]

An alternative to those products mentioned is LM-X License Manager.

We've used it for a while now and it's really good.

See LM-X License Manager.
http://www.x-formation.com

Good luck.

Poul

pould

[Eugen Kocak]

Another alternative is BeeSoft Abeona at beesoft.eu/products/abeona.

It is license generator for java. License is not simple key, but standard properties file protected by MD5 checksum and RSA cryptography.

But you will need more programming to customize this library for your needs.

Maybe you find it useful.

Eugen

Eugen Kocak