Re: RSA - Public vs. Private Keys

---

• From: "Alun Jones" <alun@xxxxxxxxxxxxx>
• Date: Thu, 25 May 2006 17:14:57 -0700

---

William Stacey [MVP] wrote:

1) Your server side creates a license (xml, csv, etc) and signs it
with private key. Optionally, your client will send a unique machine
hash to the server first, so that your license can be tied to *that
machine only - otherwise that license will work on any machine.

Note that "that machine only" is a changing quantity. My motherboard breaks
tomorrow - have I lost the ability to use your application through no fault
of my own, even if I replace my motherboard? You have to consider the
support burden - and ill-will from the customer - this solution causes.

This does work. However, it still does not protect your app. If
your app is on a client, you can Not protect it. It can be cracked
or changed to get around all that fancy encryption. If you still
want that, there are free and paid solutions already that do the
above.

And they still suffer from the same problem - anyone with sufficient skill
can pretend to be the computer, and supply information to the signature
verification, or other process.

The next step up is a hardware key - a "dongle" - that will allow you to
restrict your software to running only with the approved dongle. Then you
have to handle the support effort of verifying customers whose dongles have
been lost or damaged, and suddenly can't use their software.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@xxxxxxxxxx
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


.

---

• Follow-Ups:
  • Re: RSA - Public vs. Private Keys
    • From: Valery Pryamikov
  • Re: RSA - Public vs. Private Keys
    • From: William Stacey [MVP]

• References:
  • Re: RSA - Public vs. Private Keys
    • From: Dominick Baier [DevelopMentor]
  • Re: RSA - Public vs. Private Keys
    • From: Joe Kaplan \(MVP - ADSI\)
  • Re: RSA - Public vs. Private Keys
    • From: William Stacey [MVP]

• Prev by Date: Difference Role Based Security single vs repeated validation
• Next by Date: Re: RSA - Public vs. Private Keys
• Previous by thread: Re: RSA - Public vs. Private Keys
• Next by thread: Re: RSA - Public vs. Private Keys
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Could Not Establish A Connection To The Remote Computer... ... This prevents the transfer of the permanent TS CAL to the client ... second connection, it gets a permanent license). ... We have Terminal Services in application mode along with its ... (microsoft.public.win2000.termserv.apps) RE: Windows 2008 KMS, not licensing Vista clients ... Do this on your KMS host machine as well as a couple of the KMS client ... License Status: Licensed ... |>Key Management Service cumulative requests received from clients ... (microsoft.public.windows.server.setup) Re: per Device CAL ... >>> from a non-authorized client. ... >>> Let me give you an example: assume that you have 10 TS CALs, ... >>> thanks to its temporary license. ... >>> Noest MCSE, CCEA, Microsoft MVP - Terminal Server ... (microsoft.public.windows.terminal_services) Re: Removing a device license ... Have you updated the firmware of the thin client to the latest ... The license is stored on the client, not on the server. ... (microsoft.public.win2000.termserv.clients) Re: TermServ CAL issued to "Unknown" is locking one of my CALs! ... > Server client and Verizon's EVDO network. ... >> TS CALs have an expiration date of 52-89 days after issueing. ... only receive a temporary license *once* during its lifetime. ... (microsoft.public.windows.terminal_services)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2006-05